Dynamic Malware Analysis Day 3 Part 09 - Hiding Files Lab IMWorm
by Veronica Kovah
Get the class materials to follow along at
http://www.opensecuritytraining.info/MalwareDynamicAnalysis.html
Follow us on Twitter for class news @OpenSecTraining.
This introductory malware dynamic analysis class by
Veronica Kovah is intended for people who are starting to
work on malware analysis, or who want to know what kinds
of artifacts left by malware can be detected with various
tools. The class is hands-on: students use a range of
tools to observe how malware is
Persisting, Communicating, and Hiding.
We get there by first learning the individual techniques
that sandboxes use. We show how to capture and record
registry, file, network, mutex, API, installation, hooking
and other activity performed by the malware. We create
fake network responses to deceive the malware so that it
exhibits more of its behavior. We also discuss how MITRE's
Malware Attribute Enumeration & Characterization standard
(MAEC, pronounced "Mike") can normalize data obtained
manually or from sandboxes and improve junior malware
analysts' reports. Finally, the class covers turning
malware attributes into useful detection signatures, such
as Snort network IDS rules or YARA signatures.
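The "capture and record registry, file ... activity" step above is, at its simplest, a before/after snapshot diff of the kind RegShot produces. The block below is an added example written for this page, not code from the OpenSecurityTraining class or its labs: it snapshots a directory tree (path, size, SHA-256), runs a constructed stand-in for a sample that drops a payload, edits the hosts file and deletes a scratch file, and reports what changed. The paths, hostnames and contents in `demo()` are constructed; it needs only the Python 3 standard library.

```python
"""Before/after file-system snapshot diff, RegShot-style.

Added example for this page, not code from the OpenSecurityTraining class
or its labs. Uses only the Python 3 standard library; the directory layout
and file contents in demo() are constructed to mimic a dropper run.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


def _sha256(path, chunk=1 << 16):
    """Hash file contents so a same-size overwrite still shows as modified."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root -> (size, sha256).

    Keys are root-relative paths with '/' separators so the diff output
    is identical on Windows and POSIX.
    """
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks, devices and sockets are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (os.path.getsize(full), _sha256(full))
    return snap


@dataclass
class SnapshotDiff:
    added: dict = field(default_factory=dict)     # path -> (size, sha256)
    removed: dict = field(default_factory=dict)   # path -> (size, sha256)
    modified: dict = field(default_factory=dict)  # path -> (before, after)

    def is_empty(self):
        return not (self.added or self.removed or self.modified)


def diff_snapshots(before, after):
    """Compare two snapshot() results taken around a sample run."""
    d = SnapshotDiff()
    for path, meta in after.items():
        if path not in before:
            d.added[path] = meta
        elif before[path] != meta:
            d.modified[path] = (before[path], meta)
    for path, meta in before.items():
        if path not in after:
            d.removed[path] = meta
    return d


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: drop a payload, edit hosts, delete a scratch file."""
    with tempfile.TemporaryDirectory() as root:
        hosts = os.path.join(root, "Windows", "System32", "drivers", "etc", "hosts")
        _write(hosts, b"127.0.0.1 localhost\n")
        _write(os.path.join(root, "Users", "lab", "readme.txt"), b"benign\n")
        _write(os.path.join(root, "Users", "lab", "tmp.dat"), b"scratch\n")
        before = snapshot(root)

        # --- simulated sample run (all names and contents are constructed) ---
        with open(hosts, "ab") as f:
            f.write(b"127.0.0.1 av-updates.example\n")  # hypothetical hostname
        _write(os.path.join(root, "Users", "lab", "AppData", "svchost.exe"),
               b"MZ" + b"\0" * 62)
        os.remove(os.path.join(root, "Users", "lab", "tmp.dat"))

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    result = demo()
    for kind in ("added", "removed", "modified"):
        for path in sorted(getattr(result, kind)):
            print(f"{kind:8} {path}")
```

Two caveats a snapshot diff carries, both relevant to the "Hiding" part of the class: it only sees the net end state, so a file written and deleted during the run never appears (a live monitor such as Process Monitor catches that), and it only sees what the file-system API reports, so a file concealed by a user-mode hook on directory enumeration is missing from both snapshots and therefore from the diff. Cross-check against a listing taken from outside the infected guest (mounted disk image or a clean boot) before concluding nothing was dropped.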
Dynamic analysis should always be an analyst's first
approach to discovering malware functionality. But this
class also shows the cases where dynamic analysis cannot
deliver a complete analysis, for instance because of
anti-analysis tricks in the malware. You will therefore
learn when you need to turn to static analysis, as taught
in the follow-on Introduction to Reverse Engineering and
Reverse Engineering Malware classes.
During the course students complete many hands-on
exercises.
Course Objectives:
* Understand how to set up a protected dynamic malware
analysis environment
* Get hands-on experience with various malware behavior
monitoring tools
* Learn the set of malware artifacts an analyst should
gather from an analysis
* Learn how to trick malware into exhibiting behaviors
that only occur under special conditions
* Create actionable detection signatures from malware
indicators
This class is recommended before a later class on malware
static analysis, so that students understand both
techniques and can choose the one that gives the quickest
answer to a given question.
Date Published: 2015-10-05 00:23:01
Identifier: Day3Part9DynamicMalwareAnalysis
Item Size: 831408477
Media Type: movies
# Topics
OpenSecurityTraining.info
Reverse Engineering
Malware
Malware Analysis
Dynamic Analysis
Malware Dynamic Analysis
VirtualBox
PE
Portable Executable
File Identification
Windows Libraries
Windows Processes
Windows Registry
Windows Services
Networking
Wireshark
Malware Terminology
Behavioral Analysis
Malware Sandbox
CuckooBox
Malware Persistence
AutoRuns
Malware Maneuvering
DLL Injection
API Tracing
Win32Override
RegShot
ProcMon
Process Monitor
Poison Ivy RAT
YARA
Computer security class
Computer Security
Cyber Security
CyberSecurity
Host Security
Training
Education
Multi-day-class
Multi-day-training
Classes
Computer
Computers
Security
Technology
# Collections
opensecuritytraining
computersandtechvideos
# Uploaded by
@opensecuritytraining_info
# Similar Items
PHAROS