Want to emulate an adversary but OSINT is light on details and you don’t have access to your own forensic incident response data from a related intrusion? Building a playbook of an adversary of interest and want to add more to it? Wonder whether endpoint security controls would detect or prevent an adversary’s malware if your AV didn’t? ATT&CK Navigator doesn’t have your malware mapped as Software?
In this lightning talk I will highlight another use for malware analysis and how characteristic functions and features of a malware sample or family can serve new purposes to fill in OSINT gaps and emulate technique/procedure combinations in Python.