Hashtag: #MalChela
MalChela v3.0: Case Management, FileMiner, and Smarter Triage
MalChela v3.0 enhances investigative workflows by introducing cases for organization, replacing MismatchMiner with FileMiner for improved file analysis, and suggesting tools based on file characteristics, streamlining the analysis process. #MalChela #DFIR #MalwareAnalysis


Hashes for the Masses: Finding What Matters in a Sea of Samples
A short while back, I released a pair of tools for building MD5 hash sets — one targeting known-good gold builds, the other designed for scanning malware corpora. The goal was simple: generate hash sets that could be used in forensics tools like Axiom Cyber to flag IOC matches during case processing. Recently, I hit a familiar problem: I had a hash and wanted to know if that file existed in my malware library.

Hashes for the Masses: Finding What Matters in a Sea of Samples #DFIR #MalwareAnalysis #Hash #MalChela

MalChela 2.2 “REMnux” Release
MalChela’s 2.2 update is packed with practical and platform-friendly improvements. It includes native support for REMnux, better tool settings, and deeper integrations with analysis tools like YARA-X, Tshark, Volatility3, and the newly improved fileanalyzer module.
🦀 REMnux Edition: Built-In Support, Zero Tweaks
When the GUI loads a REMnux-specific tools.yaml profile, it enters REMnux mode.

MalChela 2.2 “REMnux” Release
More tools. More Docs. More Power.
#DFIR #MalwareAnalysis #YaraX #Volatility #Tshark #MalChela


The output from any included tool, whether it’s a built-in tool or one you include yourself, be it a binary or a Python script, supports saving in text, JSON, or markdown, depending on what looks best for your application. #DFIR #MalwareAnalysis #Rust #MalChela

Screenshot of mStrings running on WannaCry sample and successfully detecting network IOC.


For fun I decided to run mStrings against an old WannaCry sample. Network IOC results were spot on! github.com/dwmetz/MalCh... #DFIR #MalwareAnalysis #Rust #MalChela
