
Samples and Analysis with CRITs


A powerful function of CRITs is handling, managing and organizing the results of working with sample files. Whether as part of threat intelligence research or while dealing with service tickets or incidents, juggling samples is always a requirement. CRITs helps this process by providing a place to contain samples as well as automated and on-demand processing and analysis. Getting a sample into CRITs couldn't be easier. Below is a snapshot of a sample upload (some data removed for obvious reasons).

Once it's in the system, CRITs begins its magic. Even without any services brought into play, CRITs provides a ton of instant data out of the box:

  • Filetype
  • Mimetype
  • Size
  • MD5
  • SHA1
  • SHA256
  • SSDeep

It also provides access to the rest of the tools common to any object in the system:

The real power of handling samples is via CRITs services. Mountains of possibility exist here, a few too many to highlight them all. A couple, though, are very much worth the mention:

YARA Service is a favorite of mine.  It provides a rule checker tab that lets you run YARA rules against the sample.

RAT Decoder Service leverages Python scripts to decode configuration files from RATs, an excellent time saver.

Pyew Service lets you run a sample through pyew, a static analysis tool.

Entropycalc Service provides an entropy map of a sample.
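The out-of-the-box metadata listed above (size, hashes, file type) and the Entropycalc service's entropy map are both things you can reproduce yourself to understand what CRITs is showing you. The following is an added example, not code from CRITs or from CyberDefenses: it computes the metadata for a constructed in-memory "sample" and walks the file in fixed-size blocks to build the same kind of entropy map. The file type table and the block size are assumptions chosen for illustration (CRITs relies on libmagic for type detection and a separate library for ssdeep, which is why neither is reproduced here).

```python
import hashlib
import math
from collections import Counter

# Minimal magic-byte table. ASSUMPTION: a stand-in for libmagic, good
# enough to classify the constructed sample below.
MAGIC = [
    (b"MZ", "PE executable (MZ header)", "application/x-dosexec"),
    (b"\x7fELF", "ELF executable", "application/x-executable"),
    (b"%PDF", "PDF document", "application/pdf"),
    (b"PK\x03\x04", "ZIP archive", "application/zip"),
]


def build_sample() -> bytes:
    """Constructed sample: a low-entropy MZ header, a 4 KiB region where
    every 256-byte block is a permutation of all byte values (looks
    packed/encrypted), then 1 KiB of zero padding."""
    header = b"MZ" + b"\x00" * 254
    body = bytes((i * 73 + 17) % 256 for i in range(4096))  # 73 is coprime to 256
    tail = b"\x00" * 1024
    return header + body + tail


def guess_filetype(data: bytes) -> tuple:
    """Return (filetype description, mimetype) from leading bytes."""
    for magic, ftype, mime in MAGIC:
        if data.startswith(magic):
            return ftype, mime
    return "data", "application/octet-stream"


def file_hashes(data: bytes) -> dict:
    """The identity fields CRITs shows for every sample (ssdeep omitted)."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (uniform) to 8.0 (random-looking)."""
    if not block:
        return 0.0
    n = len(block)
    counts = Counter(block)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def entropy_map(data: bytes, block_size: int = 256) -> list:
    """List of (offset, entropy) for each block; high plateaus suggest
    packed, compressed or encrypted regions worth a closer look."""
    return [
        (off, shannon_entropy(data[off:off + block_size]))
        for off in range(0, len(data), block_size)
    ]


def analyze_sample(data: bytes) -> dict:
    """Bundle the metadata and the entropy map the way a triage view would."""
    ftype, mime = guess_filetype(data)
    info = {"filetype": ftype, "mimetype": mime}
    info.update(file_hashes(data))
    info["entropy_map"] = entropy_map(data)
    info["max_entropy"] = max(e for _, e in info["entropy_map"])
    return info


if __name__ == "__main__":
    sample = build_sample()
    report = analyze_sample(sample)
    for key in ("filetype", "mimetype", "size", "md5", "sha1", "sha256"):
        print(f"{key:>8}: {report[key]}")
    print("entropy map (one bar per 256-byte block):")
    for off, ent in report["entropy_map"]:
        print(f"  {off:06x}  {ent:5.2f}  {'#' * int(ent * 4)}")
```

A flat region near 8.0 bits per byte surrounded by low-entropy code is the classic signature of a packed or encrypted payload, which is exactly the cue the Entropycalc tab gives you before you decide whether a sample deserves a YARA pass or a full decode.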

And, of course, all the sample upload/request services, like VirusTotal, that are available.

If you're interested in learning more about how to leverage CRITs, check out our introduction to CRITs blog here. To take your knowledge a step further, take a look at our cybersecurity trainings here.

About the author

Monty St John

Monty St John has been in the security world for more than two decades. When he is not responding to incidents he teaches classes in Threat Intelligence, Incident Response and Digital Forensics. Monty is a frequent contributor to community and industry events, presenting at BSides D.C., BSides Austin, Charm, Derbycon and several others. He lives in Austin, Texas and is a security trainer for CyberDefenses, Inc. based out of Round Rock, Texas.

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.