reverse engineering malware workshop
DESCRIPTION
Presentation slides of a workshop I delivered on malware reversing at the Cyber Secure Pakistan 2014 conference.
TRANSCRIPT
Reverse Engineering Malware
Hands-on Workshop
$whoami
@mustafaqasim
Class Introduction
What’s REM
Evolution of Virus/Malware
Virus vs. Malware
Malware Classification
Adware, Clicker, Spam, InfoStealer, Spyware
Ransomware, Trojan Horse, Rootkit, Backdoor
Virus, Worms, Botnet
Downloader, Launcher
Reverse Engineering Malware
Static Analysis
Dynamic Analysis
Basic Static Analysis
Advanced Static Analysis
Basic Dynamic Analysis
Advanced Dynamic Analysis
Covered in this Workshop
Basic Static Analysis
Basic Dynamic Analysis
Malware Analysis Lab
Lab Requirements
Isolated
Emulate Intel Arch.
Virtualized vs. Physical
Virtualization Pro & Con
Lights, Camera, Action
Boot your VMs :)
Basic Static Analysis
Hash
Strings
Packers
Packer Detection
Linked Libraries
Static / Dynamic (Runtime, Loadtime)
Portable Executable (PE) Format
Used by the Windows OS loader for files such as .exe, .dll and .ocx.
PE Header reveals a function
URLDownloadToFile
Explore Dynamic Linked Functions
Dependency Walker
Resource Hacker
PEView
Basic Dynamic Analysis
Regshot
Process Monitor
Process Explorer
Wireshark
Lab
Analysis of an IRC botnet malware
Q & A