Use DIE, CFF explorer to conduct the static analysis. Reverse C/C++ ghidra Reverse C# dnspy ILSpy dotPeek After decompiling Export the decompiled code to Microsoft Visual studio/Microsoft Visual Code, setup a remote server, try to debug the source code. Other tools for the debugging API Monitor ollydbg ⇢ attach the process for debugging Wireshark Others Feodo TrackerFeodo Tracker tracks botnet C&Cs associated with Emotet (aka Heodo), Dridex, TrickBot and QakBot GitHub - hasherezade/pe-sieve: Scans a given process. Recognizes and dumps...

Microsoft July patch adds new fields to Windows Security events: what does it mean for a SOC/DFIR team? | by SOC Inspiration | Jul, 2024 | Medium