Work Sample: Remcos RAT Analysis

In the summer of 2022, I set up a small lab environment at home to practice fundamental skills in incident response, digital forensics, malware analysis, and reverse engineering. I practiced these skills by studying the Remcos remote access trojan, and reported my analysis findings in the context of CISA’s Incident Response Process, which consists of:

Phase I, Cyber Threat Intelligence
Phase II, Detection and Analysis
Phase III, Containment
Phase IV, Eradication and Recovery
Phase V, Post-Incident Activities

This 48-page report concludes with a summary of the key findings from analyzing Remcos, as well as a list of the discovered indicators of compromise, the analysis tools used, and research references from top vendors and community resources.