reverse engineering malware workshop
Post on 18-Nov-2014
Reverse Engineering Malware: Hands-on Workshop
$whoami
@mustafaqasim
Class Introduction
What’s REM
Evolution of Virus/Malware
Virus vs. Malware
Malware Classification
Adware, Clicker, Spam, InfoStealer, Spyware
Ransomware, Trojan Horse, Rootkit, Backdoor
Virus, Worms, Botnet
Downloader, Launcher
Reverse Engineering Malware
Static Analysis
Dynamic Analysis
Basic Static Analysis
Advanced Static Analysis
Basic Dynamic Analysis
Advanced Dynamic Analysis
Covered in this Workshop
Basic Static Analysis
Basic Dynamic Analysis
Malware Analysis Lab
Lab Requirements
Isolated
Emulate Intel Arch.
Virtualized vs. Physical
Virtualization Pro & Con
Lights, Camera, Action
Boot your VMs :)
Basic Static Analysis
Hash
Strings
Packers
Packer Detection
Linked Libraries
Static
Dynamic (Runtime, Loadtime)
Portable Executable (PE) Format
Used by Windows OS Loader for files like exe, dll, ocx.
PE Header reveals a function
URLDownloadToFile
Explore Dynamic Linked Functions
Dependency Walker
Resource Hacker
PEView
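The slide's point, that a PE header can reveal an imported function such as URLDownloadToFile before the sample ever runs, is shown below with a minimal import-table walk. This is example code added here, not workshop material; the PE32 image it parses is constructed in the code (one .idata section importing urlmon.dll!URLDownloadToFileA), not a real sample, and the parser handles only 32-bit PE32 images.

```python
import struct

# Constructed PE32 image (not a real sample): one .idata section whose import
# table names urlmon.dll!URLDownloadToFileA, the API the slides point at.
def build_sample_pe() -> bytes:
    sec_rva, sec_off = 0x1000, 0x200
    ilt_rva, name_rva, dll_rva = sec_rva + 40, sec_rva + 48, sec_rva + 72
    desc = struct.pack("<IIIII", ilt_rva, 0, 0, dll_rva, ilt_rva) + b"\0" * 20  # descriptor + null terminator
    ilt = struct.pack("<II", name_rva, 0)                                       # import lookup table + terminator
    idata = desc + ilt + (b"\0\0" + b"URLDownloadToFileA\0").ljust(24, b"\0") + b"urlmon.dll\0"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                          # e_lfanew: PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, sec_rva, len(idata))                      # import data directory (entry 1)
    sect = struct.pack("<8sIIIIIIHHI", b".idata", 0x1000, sec_rva, 0x200, sec_off, 0, 0, 0, 0, 0xC0000040)
    return (dos + coff + bytes(opt) + sect).ljust(sec_off, b"\0") + idata.ljust(0x200, b"\0")

def parse_imports(data: bytes) -> dict[str, list[str]]:
    """Follow MZ -> e_lfanew -> PE header -> import directory and return {dll: [api, ...]}."""
    if data[:2] != b"MZ": raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0": raise ValueError("missing PE signature")
    nsections, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B: raise ValueError("only PE32 (32-bit) images handled")
    import_rva = struct.unpack_from("<I", data, opt + 104)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsections)]
    def rva_to_off(rva: int) -> int:  # RVAs are memory addresses; map them to file offsets via the section table
        for _name, vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError(f"RVA {rva:#x} outside all sections")
    def cstr(off: int) -> str:
        return data[off:data.index(b"\0", off)].decode("ascii")
    imports: dict[str, list[str]] = {}
    desc = rva_to_off(import_rva)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:  # an all-zero descriptor terminates the table
            break
        names, thunk = [], rva_to_off(oft or ft)
        while (entry := struct.unpack_from("<I", data, thunk)[0]) != 0:
            # bit 31 set = import by ordinal; otherwise an RVA to hint (2 bytes) + name
            names.append(f"#{entry & 0xFFFF}" if entry & 0x80000000 else cstr(rva_to_off(entry) + 2))
            thunk += 4
        imports[cstr(rva_to_off(name_rva))] = names
        desc += 20
    return imports
```

Running `parse_imports(build_sample_pe())` returns `{'urlmon.dll': ['URLDownloadToFileA']}`, the same finding PEView or Dependency Walker would show for this image.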
Basic Dynamic Analysis
Regshot
Process Monitor
Process Explorer
Wireshark
Lab
Analysis of an IRC botnet malware
Q & A