Analyze McAfee quarantine files with punbup.py

Have you ever needed to extract a McAfee quarantine file? Today’s tutorial will show you how to extract a BUP file with punbup in the lab. There are many reasons to extract the files out of a McAfee quarantine file, the most common is to perform deeper analysis or to restore a file that was incorrectly identified. We will use the SANS SIFT workstation today to perform this task using the punbup.py script.

Continue reading “Analyze McAfee quarantine files with punbup.py”