Malware Analysis / Reverse Engineering Notes

Benefits of Dynamic Analysis

Benefits of malware analysis: fast, easy. We can get indicators of compromise (IOCs), attributes, risk assessment and impact, malware families.

By: Muhammad Ali | Related Lesson: Dynamic Analysis Part 1.1 | Modified: April 5, 2018

Dynamic Analysis Tools for VM

Capture BAT

By: dav99 | Related Lesson: Lab Setup Part 3 | Modified: April 4, 2018

Malware dump sites

- Contagio Malware Dump – Free: pwd reqd
- KernelMode.info
- Malshare
- MalwareBlacklist
- Malware DB
- Malwr
- Open Malware
- VirusShare

By: dav99 | Related Lesson: Intro Part 3 | Modified: April 4, 2018

Malware analysis

It is better to have a false positive than a false negative. Dynamic analysis: simple and fast, can miss things. Static analysis: reverse engineering; slow, but with time anything can be done. Hybrid: best case.

By: bstark | Related Lesson: Intro Part 1 | Modified: April 4, 2018

Reverse engineering tools

- Sysinternals
- MAP Pack
- 010
- PE viewers: CFF Explorer, PE Explorer, PE View, PE Studio
- Disassemblers: IDA Pro, x64dbg, Hopper
- Cygwin (md5sum, gcc, xxd, strings, python)
- Notepad++, 7zip

By: aafalah | Related Lesson: Intro Part 2 | Modified: April 3, 2018

Dynamic Analysis 1.2

- Download exploit to VM
- Download Sysinternals to VM
- Run Visual C runtime redistributable package (2005)
- Run CaptureBat
- Run Map
- Run 010 editor
- Run rshot
- Run notepad
- Copy CaptureBat to desktop and change shortcut pathway (properties). This is simply for conv

By: conanb | Related Lesson: Dynamic Analysis Part 1.2 | Modified: April 2, 2018

Basic Dynamic Malware Analysis p1

Goals:
- Generate indicators of compromise (IoCs)
- Determine malware type and family
- Assess risk and impact
- Attribution

By: conanb | Related Lesson: Dynamic Analysis Part 1.1 | Modified: April 1, 2018

Dynamic Analysis tools

- Capture BAT (captures major events)
- RegShot (captures changes to the registry and listens for changes)
- PEiD (static file parser and scanner)
- LordPE (helps you dump from memory)
- Import Reconstructor (rebuilds lost structures after memory dump)
- OllyDb

By: conanb | Related Lesson: Lab Setup Part 3 | Modified: April 1, 2018


Malware stores a value in a function pointer and stores the function pointer in a register, making it difficult for a disassembler to figure out what functions are being called from where.

By: rocky2l | Related Lesson: Basic Static Analysis Part 3 | Modified: April 1, 2018

Malware sites

Contagio Malware Dump, KernelMode.info, Malshare, Malware.db.

Beware: some malware will execute upon being scanned, simply viewing the icon (Word, PDF, system icon), or extracting the file from an archive.

MD5 vs SHA256: MD5 can have collisions.

By: conanb | Related Lesson: Intro Part 3 | Modified: March 31, 2018
