Mastering Malware Analysis

Lessons

1

Preface

  • Who this course is for
  • What this course covers
  • To get the most out of this course
  • Conventions used
2

Cybercrime, APT Attacks, and Research Strategies

  • Why malware analysis?
  • Exploring types of malware
  • The MITRE ATT&CK framework explained
  • APT and zero-day attacks and fileless malware
  • Choosing your analysis strategy
  • Setting up the environment
  • Summary
3

A Crash Course in Assembly and Programming Basics

  • Basics of informatics
  • Architectures and their assembly
  • Becoming familiar with x86 (IA-32 and x64)
  • Exploring ARM assembly
  • Basics of MIPS
  • Diving deep into PowerPC
  • Covering the SuperH assembly
  • Working with SPARC
  • Moving from assembly to high-level programming languages
  • Summary
4

Basic Static and Dynamic Analysis for x86/x64

  • Working with the PE header structure
  • Static and dynamic linking
  • Using PE header information for static analysis
  • PE loading and process creation
  • Basics of dynamic analysis using OllyDbg and x64dbg
  • Debugging malicious services
  • Essentials of behavioral analysis
  • Summary
5

Unpacking, Decryption, and Deobfuscation

  • Exploring packers
  • Identifying a packed sample
  • Automatically unpacking packed samples
  • Manual unpacking techniques
  • Dumping the unpacked sample and fixing the import table
  • Identifying simple encryption algorithms and functions
  • Advanced symmetric and asymmetric encryption algorithms
  • Applications of encryption in modern malware – Vawtrak banking Trojan
  • Using IDA for decryption and unpacking
  • Summary
6

Inspecting Process Injection and API Hooking

  • Understanding process injection
  • DLL injection
  • Diving deeper into process injection
  • A dynamic analysis of code injection
  • Memory forensics techniques for process injection
  • Understanding API hooking
  • Exploring IAT hooking
  • Summary
7

Bypassing Anti-Reverse Engineering Techniques

  • Exploring debugger detection
  • Handling the evasion of debugger breakpoints
  • Escaping the debugger
  • Understanding obfuscation and anti-disassemblers
  • Detecting and evading behavioral analysis tools
  • Detecting sandboxes and VMs
  • Summary
8

Understanding Kernel-Mode Rootkits

  • Kernel mode versus user mode
  • Windows internals
  • Rootkits and device drivers
  • Hooking mechanisms
  • DKOM
  • Process injection in kernel mode
  • KPP in x64 systems (PatchGuard)
  • Static and dynamic analysis in kernel mode
  • Summary
9

Handling Exploits and Shellcode

  • Getting familiar with vulnerabilities and exploits
  • Cracking the shellcode
  • Exploring bypasses for exploit mitigation technologies
  • Analyzing Microsoft Office exploits
  • Studying malicious PDFs
  • Summary
10

Reversing Bytecode Languages – .NET, Java, and More

  • The basic theory of bytecode languages
  • .NET explained
  • .NET malware analysis
  • The essentials of Visual Basic
  • Dissecting Visual Basic samples
  • The internals of Java samples
  • Analyzing compiled Python threats
  • Summary
11

Scripts and Macros – Reversing, Deobfuscation, and Debugging

  • Classic shell script languages
  • VBScript explained
  • VBA and Excel 4.0 (XLM) macros and more
  • The power of PowerShell
  • Handling JavaScript
  • Behind C&C – even malware has its own backend
  • Other script languages
  • Summary
12

Dissecting Linux and IoT Malware

  • Explaining ELF files
  • Exploring common behavioral patterns
  • Static and dynamic analysis of x86 (32- and 64-bit) samples
  • Learning about Mirai, its clones, and more
  • Static and dynamic analysis of RISC samples
  • Handling other architectures
  • Summary
13

Introduction to macOS and iOS Threats

  • Understanding the role of the security model
  • File formats and APIs
  • Attack stages
  • Advanced techniques
  • Static and dynamic analysis of macOS and iOS samples
  • The analysis workflow
  • Summary
14

Analyzing Android Malware Samples

  • (Ab)using the Android internals
  • Understanding Dalvik and ART
  • File formats and APIs
  • Malware behavior patterns
  • Static and dynamic analysis of threats
  • Summary

Lab

1

Cybercrime, APT Attacks, and Research Strategies

  • Using the Backdoor Tool
  • Examining Spyware
  • Simulating a DDoS Attack
  • Scanning and Classifying Different Types of Viruses
  • Examining MITRE ATT&CK
  • Performing Reconnaissance
  • Installing VirtualBox
2

A Crash Course in Assembly and Programming Basics

  • Performing the AND Operation
  • Understanding the Circular Shift (Rotate) Operator
  • Understanding the OR and XOR Operators
3

Basic Static and Dynamic Analysis for x86/x64

  • Displaying the PE Header
  • Analyzing a Sample with OllyDbg
  • Turning on DEP
  • Using Resource Monitor
  • Tracing Packets Using Wireshark
4

Unpacking, Decryption, and Deobfuscation

  • Using an Asymmetric Algorithm
  • Using a Symmetric Algorithm
5

Inspecting Process Injection and API Hooking

  • Exploring Windows Registry Entries
  • Performing Code Injection
  • Using Volatility for Memory Forensic Analysis
6

Bypassing Anti-Reverse Engineering Techniques

  • Executing Batch Scripting Commands in Windows
  • Detecting Virtualization through Registry Keys
7

Understanding Kernel-Mode Rootkits

  • Performing an MITM Attack
  • Detecting Rootkits
8

Handling Exploits and Shellcode

  • Launching a DoS Attack
  • Performing Local Privilege Escalation
9

Reversing Bytecode Languages – .NET, Java, and More

  • Exploring Packers Using the PEiD Tool
10

Scripts and Macros – Reversing, Deobfuscation, and Debugging

  • Understanding the Bash Command-line Interface
  • Executing PowerShell Command-line Arguments
11

Dissecting Linux and IoT Malware

  • Using Syscalls for Filesystem, Network, and Process Management
  • Accessing the Assembly Code
  • Using tcpdump to Capture Packets
12

Analyzing Android Malware Samples

  • Running the Android Emulator on a Virtual Machine