<p><a target="_blank" href="https://www.jaiminton.com/cheatsheet/DFIR/#ftk-imager-cmd-version-mostly-gui-for-new-versions">https://www.jaiminton.com/cheatsheet/DFIR/#ftk-imager-cmd-version-mostly-gui-for-new-versions</a></p>
<h2 id="heading-online-services">Online Services</h2>
<p><a target="_blank" href="https://www.virustotal.com/gui/home/upload">https://www.virustotal.com/gui/home/upload</a></p>
<p><a target="_blank" href="https://www.hybrid-analysis.com/">https://www.hybrid-analysis.com/</a></p>
<p><a target="_blank" href="https://koodous.com/">https://koodous.com/</a></p>
<p><a target="_blank" href="https://analyze.intezer.com/">https://analyze.intezer.com/</a></p>
<h2 id="heading-offline-antivirus">Offline antivirus</h2>
<h3 id="heading-yara">Yara</h3>
<p>Install</p>
<p>sudo apt-get install -y yara</p>
<h3 id="heading-prepare-rules">Prepare rules</h3>
<p>Use this script to download and merge all the yara malware rules from github:</p>
<p><a target="_blank" href="https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9">https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9</a></p>
<p>Create the <strong><em>rules</em></strong> directory and execute it. This will create a file called <strong><em>malware_rules.yar</em></strong> which contains all the yara rules for malware.</p>
<pre><code class="lang-plaintext">wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py
mkdir rules
python malware_yara_rules.py
</code></pre>
<h3 id="heading-scan">Scan</h3>
<pre><code class="lang-plaintext">yara -w malware_rules.yar image  #Scan 1 file
yara -w malware_rules.yar folder #Scan hole fodler
</code></pre>
<h3 id="heading-clamav">ClamAV</h3>
<p>Install</p>
<p>sudo apt-get install -y clamav</p>
<h3 id="heading-scan-1">Scan</h3>
<pre><code class="lang-plaintext">sudo freshclam      #Update rules
clamscan filepath   #Scan 1 file
clamscan folderpath #Scan the hole folder
</code></pre>
<h3 id="heading-rkhunter">rkhunter</h3>
<p><a target="_blank" href="https://rkhunter.sourceforge.net/">https://rkhunter.sourceforge.net/</a></p>
<p>sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress]</p>
<h3 id="heading-pepper">PEpper</h3>
<p>Checks some basic stuff inside the executable (binary data, entropy, URLs and IPs, some yara rules).</p>
<p><a target="_blank" href="https://github.com/0x0be/PEpper">https://github.com/0x0be/PEpper</a></p>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1720043350805/70f5af93-25d1-496c-932b-2e533d1b59b8.png" alt class="image--center mx-auto" /></p>
<p><a target="_blank" href="https://ayo.so/morganbinbash">https://ayo.so/morganbinbash</a></p>


[https://www.jaiminton.com/cheatsheet/DFIR/#ftk-imager-cmd-version-mostly-gui-for-new-versions](https://www.jaiminton.com/cheatsheet/DFIR/#ftk-imager-cmd-version-mostly-gui-for-new-versions)

## Online Services

[https://www.virustotal.com/gui/home/upload](https://www.virustotal.com/gui/home/upload)

[https://www.hybrid-analysis.com/](https://www.hybrid-analysis.com/)

[https://koodous.com/](https://koodous.com/)

[https://analyze.intezer.com/](https://analyze.intezer.com/)

## Offline antivirus

### Yara

Install

sudo apt-get install -y yara

### Prepare rules

Use this script to download and merge all the yara malware rules from github:

[https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)

Create the ***rules*** directory and execute it. This will create a file called ***malware\_rules.yar*** which contains all the yara rules for malware.

```plaintext
wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py
mkdir rules
python malware_yara_rules.py
```

### Scan

```plaintext
yara -w malware_rules.yar image  #Scan 1 file
yara -w malware_rules.yar folder #Scan hole fodler
```

### ClamAV

Install

sudo apt-get install -y clamav

### Scan

```plaintext
sudo freshclam      #Update rules
clamscan filepath   #Scan 1 file
clamscan folderpath #Scan the hole folder
```

### rkhunter

[https://rkhunter.sourceforge.net/](https://rkhunter.sourceforge.net/)

sudo ./rkhunter --check -r / -l /tmp/rkhunter.log \[--report-warnings-only\] \[--skip-keypress\]

### PEpper

Checks some basic stuff inside the executable (binary data, entropy, URLs and IPs, some yara rules).

[https://github.com/0x0be/PEpper](https://github.com/0x0be/PEpper)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1720043350805/70f5af93-25d1-496c-932b-2e533d1b59b8.png align="center")

[https://ayo.so/morganbinbash](https://ayo.so/morganbinbash)

Forensics CheatSheets

Malware Analysis

As an experienced cybersecurity professional, I have excelled in various domains, cyber threat management, bounty hunter, pentester and ethical hacker.
 Leveraging my experience in cyber threat management, I proactively identify and mitigate potential risks, protecting organizations from malicious activity.
As a bounty hunter, I have successfully discovered vulnerabilities in several systems, contributing to improving the overall security posture. Adhering to the ethical principles of hacking, I follow strict ethical guidelines while discovering vulnerabilities and providing actionable insights for remediation.
My multifaceted skills have been honed through hands-on experience, continuous learning, and a commitment to staying up to date with the latest cybersecurity trends.


As an experienced cybersecurity professional, I have excelled in various domains, cyber threat management, bounty hunter, pentester and ethical hacker.
 Leveraging my experience in cyber threat manage