![]() Each session would end up with a file like this: In order to collect as many logs as possible, I wrote a simple crawler that would google around for very specific keywords, collect the results, then visit the pages, download them to a file, and parse the result. ![]() And since HijackThis Log has a very specific ‘look and feel’, it was pretty easy to parse it. At a certain point in history, lots of people were using it and were posting its logs on forums – for hobbyist malware analysts to review. Antivirus companies, and later sandbox companies had tones of such metadata, but an average Joe could only dream about it. Long before endpoint event logging became a norm it was incredibly difficult to collect information about popular processes, services, paths, CLSIDs, etc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |