"Passive" analysis of a phishing attachment, (Mon, May 1st)

When it comes to the analysis of malicious code, one often has to weigh the potential benefits of a quick, dynamic analysis, which might cause the code to interact with infrastructure operated by a threat actor and thus “break OPSEC”, against the benefits of a slower approach based mostly on static analysis techniques.

Article Link: https://isc.sans.edu/diary/rss/29798