From the course: Ethical Hacking: The Complete Malware Analysis Process
Indicators of compromise
- [Instructor] The majority of systems today depend upon signatures based on malware hashes to detect an attempt to infiltrate malware. Signatures are effective in detecting much of what's already known, and for investigating the extent of a known intrusion. An Indicator of Compromise, or IOC, is essentially a more advanced malware signature, and may be one or more of: an MD5 hash, a command and control domain name, a known malicious IP address, a file or registry key associated with known malware, and so on. IOCs allow a particular threat to be documented in a consistent fashion, and facilitate automated sharing of actionable threat information. To be effective, they need to be timely, relevant, accurate, specific, and actionable. The life cycle of an IOC can be seen in this graphic. When a compromise due to malware occurs, an investigation takes place and data is collected to determine what's happened and how it's happened. This provides much valuable information about the way…
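The four indicator kinds the instructor lists (file hash, C2 domain, malicious IP, registry key) each need a different matching rule, and the matching rule is what makes an IOC "specific". The following Python is an added example, not code from the course or its exercise files: it holds a small constructed IOC set, scans a handful of constructed endpoint events against it, and exports the set as JSON lines so it could be shared in a consistent form. All indicator values, hostnames, addresses and registry paths are hypothetical; the hash IOC is computed from a constructed byte string rather than copied from any real sample.

```python
"""Minimal IOC matcher (added example, not from the course).

Everything here is constructed: the dropper bytes, the domain, the IP
range and the registry path are placeholders, not real threat intel.
"""
import hashlib
import ipaddress
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str    # "md5" | "domain" | "ip" | "registry"
    value: str   # hex digest, domain, IP or CIDR, full registry value path
    source: str  # where the IOC was obtained (hypothetical here)


# Constructed stand-in for a malicious file; the md5 IOC below is derived
# from it so the example is self-consistent and contains no real hash.
SAMPLE_DROPPER = b"MZ\x90\x00" + b"constructed sample dropper body, not a real binary"

IOCS = [
    Indicator("md5", hashlib.md5(SAMPLE_DROPPER).hexdigest(), "constructed"),
    Indicator("domain", "update-check.example.net", "constructed"),
    # A CIDR lets one indicator cover a whole C2 netblock (constructed range).
    Indicator("ip", "203.0.113.0/24", "constructed"),
    Indicator("registry",
              r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchosts",
              "constructed"),
]

# Constructed endpoint telemetry, already parsed into dicts.
EVENTS = [
    {"type": "file_write", "path": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "content": SAMPLE_DROPPER},
    # Subdomain of the C2 domain: should still match.
    {"type": "dns_query", "host": "cdn.update-check.example.net."},
    {"type": "net_connect", "dst_ip": "203.0.113.45", "dst_port": 443},
    # Unrelated destination: must not match.
    {"type": "net_connect", "dst_ip": "198.51.100.7", "dst_port": 80},
    {"type": "registry_set", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "svchosts"},
    {"type": "file_write", "path": r"C:\Users\alice\notes.txt", "content": b"benign text"},
]


def matches(ioc: Indicator, event: dict) -> bool:
    """Apply the matching rule appropriate to the indicator kind."""
    if ioc.kind == "md5" and event["type"] == "file_write":
        return hashlib.md5(event["content"]).hexdigest() == ioc.value
    if ioc.kind == "domain" and event["type"] == "dns_query":
        # Normalise case and trailing dot; match the domain and any subdomain.
        host = event["host"].lower().rstrip(".")
        return host == ioc.value or host.endswith("." + ioc.value)
    if ioc.kind == "ip" and event["type"] == "net_connect":
        # ip_network accepts a bare address (treated as /32) or a CIDR.
        net = ipaddress.ip_network(ioc.value, strict=False)
        return ipaddress.ip_address(event["dst_ip"]) in net
    if ioc.kind == "registry" and event["type"] == "registry_set":
        # Windows registry paths are case-insensitive, so compare lower-cased.
        full_path = event["key"] + "\\" + event["value_name"]
        return full_path.lower() == ioc.value.lower()
    return False


def scan(events, iocs):
    """Return (event_index, indicator) pairs for every hit."""
    return [(i, ioc) for i, ev in enumerate(events) for ioc in iocs if matches(ioc, ev)]


def export_iocs(iocs) -> str:
    """Serialise the IOC set as JSON lines so it can be shared in a consistent form."""
    return "\n".join(json.dumps(asdict(ioc), sort_keys=True) for ioc in iocs)


if __name__ == "__main__":
    for idx, ioc in scan(EVENTS, IOCS):
        print(f"event {idx} ({EVENTS[idx]['type']}) matched {ioc.kind}: {ioc.value}")
    print(export_iocs(IOCS))
```

Note which rule catches which event: the hash only fires on a byte-identical file, so a recompiled or padded variant of the same dropper would slip past it, while the domain and netblock indicators survive such trivial changes. That difference is why an IOC set that mixes indicator kinds is more durable than a list of hashes alone.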