Malware Analysis using #osquery | Part 3
▻https://hackernoon.com/malware-analysis-using-osquery-part-3-9dc805b67d16?source=rss----3a8144e
Malware Analysis using osquery

This is part 3. In part 1 of this series we analyzed malware behaviour, and in part 2 we learned how to detect persistence tricks used in malware attacks. There are still more types of events that osquery can observe when malicious activity happens. In this last post of the series we discuss how to detect another technique used in malware attacks: installing a root certificate in the system trust store. Once a malicious root CA is trusted, the attacker can issue certificates for any domain that the victim's browser and other TLS clients will accept without warnings, which is what makes it possible to intercept TLS/SSL traffic (a man-in-the-middle attack). We will also see how to use the AlienVault Agent and AlienVault USM Anywhere to create custom rules and detect this activity in your environment.

Detecting newly installed root certificates

Root (...)
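As an added example (not code from the original post or from osquery/AlienVault), the script below shows the detection logic behind a "new root certificate" rule. It assumes osquery's `certificates` table with its public column names (`common_name`, `issuer`, `subject`, `ca`, `self_signed`, `sha1`, `path`, `not_valid_after`) and osquery's differential result-log format (one JSON object per line with an `action` of `added` or `removed` and the row under `columns`). The query, the pack entry, the baseline/current snapshots and the log line are all constructed here for illustration; the query name `new_root_certificates` and the "MITM Proxy Root CA" entry are hypothetical.

```python
import json

# Scheduled query against osquery's `certificates` table (assumed schema).
# Only self-signed CA certificates matter for this rule: a trusted
# self-signed CA is exactly what a TLS-interception proxy needs in order
# to forge certificates for arbitrary hosts.
ROOT_CA_QUERY = (
    "SELECT common_name, issuer, subject, sha1, path, not_valid_after "
    "FROM certificates WHERE ca = 1 AND self_signed = 1;"
)

# Constructed osquery pack entry. With differential logging (the default
# when "snapshot" is not set) osquery only reports rows that appeared or
# disappeared since the previous run, so a newly trusted root shows up as
# a single "added" event instead of the whole trust store every interval.
OSQUERY_PACK = {
    "queries": {
        "new_root_certificates": {
            "query": ROOT_CA_QUERY,
            "interval": 300,
            "removed": False,
            "description": "Self-signed CA certificates added to a trust store",
        }
    }
}


def new_root_cas(baseline, current):
    """Return rows in `current` whose SHA-1 fingerprint is absent from
    `baseline`. Both arguments are lists of row dicts in the shape
    `osqueryi --json` returns. Fingerprints are compared case-insensitively
    because different osquery platforms emit different hex casing."""
    known = {row["sha1"].lower() for row in baseline}
    return [row for row in current if row["sha1"].lower() not in known]


def added_roots_from_log(log_lines, query_name="new_root_certificates"):
    """Pull the `columns` of every "added" event for `query_name` out of
    osquery's differential result log (one JSON object per line)."""
    added = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("name") == query_name and event.get("action") == "added":
            added.append(event["columns"])
    return added


# Constructed sample data: a baseline trust store with one legitimate
# public root, and a current snapshot where a self-signed CA has been
# dropped into the system keychain (the fingerprints are made up).
BASELINE = [
    {
        "common_name": "DigiCert Global Root CA",
        "issuer": "/C=US/O=DigiCert Inc/CN=DigiCert Global Root CA",
        "subject": "/C=US/O=DigiCert Inc/CN=DigiCert Global Root CA",
        "sha1": "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436",
        "path": "/System/Library/Keychains/SystemRootCertificates.keychain",
        "not_valid_after": "1952190000",
    }
]
CURRENT = BASELINE + [
    {
        "common_name": "MITM Proxy Root CA",
        "issuer": "/O=Example/CN=MITM Proxy Root CA",
        "subject": "/O=Example/CN=MITM Proxy Root CA",
        "sha1": "0123456789abcdef0123456789abcdef01234567",
        "path": "/Library/Keychains/System.keychain",
        "not_valid_after": "1893456000",
    }
]

# Constructed differential-log line as osquery would emit it for the new row.
SAMPLE_LOG = [
    json.dumps({
        "name": "new_root_certificates",
        "hostIdentifier": "laptop-01",
        "calendarTime": "Tue Apr 23 10:00:00 2019 UTC",
        "unixTime": 1556013600,
        "epoch": 0,
        "counter": 1,
        "columns": CURRENT[1],
        "action": "added",
    })
]


if __name__ == "__main__":
    for row in new_root_cas(BASELINE, CURRENT):
        print("new root CA: %s (sha1 %s) in %s"
              % (row["common_name"], row["sha1"], row["path"]))
    for row in added_roots_from_log(SAMPLE_LOG):
        print("osquery reported added root: %s" % row["common_name"])
```

In practice the snapshot comparison is only needed when building the first baseline; afterwards the differential log alone carries the signal, and a rule in the SIEM simply matches events whose `name` is the root-certificate query and whose `action` is `added`.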