Session 9 – Practical Reversing Part IV – Basic & Advanced Malware Analysis
This session covered the concept of basic and advanced malware analysis. Video Demo Demo Video 1: Basic Malware Analysis Demo Video 2: Advanced Malware Analysis
This session covered the concept of basic and advanced malware analysis. Video Demo Demo Video 1: Basic Malware Analysis Demo Video 2: Advanced Malware Analysis
Memory forensics is an investigation technique which involves examining the computer’s memory for forensic artifacts. This presentation covers the concept of memory forensics and shows how to perform memory forensics using an investigation scenario. Video Demo
In reverse engineering understanding cryptographic functions and packers are the two most challenging and sophisticated tasks. In real life virtually all malwares use some form of packing so understanding packing/unpacking is one of the most important task in malware analysis. Check the reference section for additional material. We highly recommend Lena151 (see reference) material for […]
This session covers the concept of basic Reverse engineering. Malwares most of time uses packers and cryptors to thwart the analysis efforts, so it becomes important to understand the concept of unpacking. This presentation covers the concept of packer and a demo showing unpacking of packer called UPX. Video Demo
About Malpimp Malpimp is an advanced API tracing tool and designed to automate the reverse engineering process. In the backend it uses pydbg to hook the APIs. It provides include and exclude policies to increase the control on the application in execution. Being command-line tool makes it perfect for automation of malware as well as […]
Reverse engineering tools are essential in understanding the functionality and the inner workings of a binary. The presentation covers the concept of some of the commonly used reverse engineering tools.
While Analyzing the malwares most of the time we don’t have its source code, so in order to understand their functionality one has to debug/disassemble the binary (executable, dll etc.), Understanding the assembly language will help you build a high level logic while your are debugging/disassembling the malware sample.
This session covered the basic concept of PE File format which is the native Windows executable file format, good understanding of it will help in reverse engineering and will help in understanding more advanced concepts of packers, loaders etc.
This session covered the concept of Windows Internals. The concept of Windows internals will allow one to understand the working of Windows operating system.
This session will guide you to prepare your lab for malware analysis.