DFIRCON - Live Online: The ALL Digital Forensics, Threat Hunting and Incident Response Training Event. Save $300 thru 10/7.

Reading Room

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.


Featuring 145 Papers as of September 8, 2020

  • Exploring the Human Fingerprints on Malware by Tobias Johansson and Robert M. Lee - November 22, 2019 

    Much of the focus of cyber threat intelligence is countering adversaries and the tools and capabilities they leverage to do target organizations harm. Malware is a popular choice by many adversaries to fulfill their goals such as access development or destructive purposes. Malware contains a wealth of information to analyze for the purpose of cyber threat intelligence. The development, operationalizing, and utilization of malware is performed by humans and these human interactions leave traces of how the malware is leveraged, its configuration data, or even the choice of the malware itself. Malware is often not unique to specific adversaries but these traces, identified in the paper simply as human fingerprints, can be useful in clustering intrusions into sets for structured analysis and satisfying intelligence requirements. This is not a new concept and there are many researchers who take advantage of these practices today. The purpose of this paper is to introduce this concept to a wider audience and also structure it around the Diamond Model as a useful tool for analysis.

  • View All Threats/Vulnerabilities Papers

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.