Dynamic Analysis Process Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Advanced Malware Analysis: Redux
Course
Time
3 hours 41 minutes
Difficulty
Advanced
CEU/CPE
5
Video Transcription
00:00
in this session. Let's examine dynamic malware analysis.
00:05
Okay, so a quick review here. Now, when we perform dynamic analysis where running malware in a sandbox environment to view what type of changes the malware is going to be making tow our host. You can usually perform this process in a couple of ways, right? You could upload your target filed to an online sandbox like virus total or hybrid analysis.
00:24
Or you can build a sand box of your own and observe the changes
00:27
in your lab, which is what we'll do here
00:30
now, in general, during the dynamic analysis process,
00:34
we're on the lookout for changes to the system such as modifications. The file system changes to the registry,
00:39
utilization of the network and changes in what processes air running. But remember, this list doesn't really end here, right? Using dynamic analysis, we can view data within files looking network sockets, packet data and a P I function parameters. No, later on, we're going to see practical examples of how to use dynamic analysis to view decrypted data.
00:59
Now, the methodology we used to detect changes to the system
01:02
this is gonna largely depend on your analysis schools But usually we follow a five step approach, which includes reverting to a clean snapshot on your virtual host. We're gonna want to set up and run our dynamic analysis tools. Then, of course, you'll want to run your target malware on your system.
01:19
And then after we let our malware run for a little while, we're going to stop those tools and we're going to analyze the results and record our findings.
01:29
Now, once we record our findings and we find that we need to make changes to the system, we can rinse and repeat this process. Now I like to repeat this process few times because it allows me to make changes to the analysis environment based on what I see.
01:45
For instance, if I see now we're making a connection to a particular port, I might make changes to give them our what it requires to run.
01:53
Alright, So let's run some malware in our lab and view the changes that it's making
Up Next
View All
Instructed By
Brian Rogalski

Brian Rogalski

CEO of Hexcapes

Instructor
Similar Content
Penetration Testing and Ethical Hacking
Course
Penetration Testing and Ethical Hacking
4.7
To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform ...
7CEUs
Intro to Malware Analysis and Reverse Engineering
Course
Intro to Malware Analysis and Reverse Engineering
4.08
Are you on the path to becoming a SOC Analyst or preparing for your CEH ...
9CEUs
Become a SOC Analyst - Level 3
Career Path
Become a SOC Analyst - Level 3
This Career Path is for a Security Operations Center Analyst (SOC Analyst). This particular Career ...