Published by Aubrey Tucker. Modified over 6 years ago.
Malware: malicious software which is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Analysis: detailed examination of the elements or structure of something, showing the most basic knowledge about a subject.
C:\>whoami
Threat Research & Incident Response Engineer
Goals of Malware Analysis
Risk Impact
Commodity Vs Targeted
Defence!
IOC's / TTP's
Attribution
Threat Intel Reports
Fun!
Profit! $$$
Compile vs. Disassemble

Compile runs top to bottom; disassembly walks the same chain back up:
Source Code:   if (varX == 001EFD70)
Assembly Code: mov eax, varX
Machine Code:  8B F0
Binary Code
:Code Patterns:

Assembly:
    mov eax, varX
    cmp eax, 0x01EFD704
    jne code_B
  code_A:
    ; run code A
    jmp end
  code_B:
    ; run code B
  end:

Equivalent source:
    if (varX == 0x01EFD704) {
        run code A
    } else {
        run code B
    }
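As an added example (not part of the original slides): a small Python matcher that recovers the if/else shown above from a disassembly listing, and also handles the inverted je/jz form. The listing, register names and labels are constructed here for illustration.

```python
import re
from typing import List, Optional

# Constructed listing in the style of the slide (hand-written, not real tool output).
LISTING = [
    "mov  eax, varX",
    "cmp  eax, 0x01EFD704",
    "jne  code_B",
    "code_A:",
    "  call run_code_A",
    "  jmp  end",
    "code_B:",
    "  call run_code_B",
    "end:",
]

CMP_RE = re.compile(r"^\s*cmp\s+(\w+)\s*,\s*(0x[0-9a-fA-F]+|\d+)\s*$")
JCC_RE = re.compile(r"^\s*(je|jne|jz|jnz)\s+(\w+)\s*$")

def find_branch(listing: List[str]) -> Optional[dict]:
    """Locate the compiled `if (reg == imm)` idiom: a `cmp reg, imm`
    followed directly by an equality-conditional jump. Returns the
    recovered register, constant and branch labels, or None."""
    for i in range(len(listing) - 1):
        m_cmp = CMP_RE.match(listing[i])
        m_jcc = JCC_RE.match(listing[i + 1])
        if not (m_cmp and m_jcc):
            continue
        reg, imm = m_cmp.group(1), int(m_cmp.group(2), 0)
        mnemonic, target = m_jcc.groups()
        # The block that falls through is the first label after the jump.
        fall = next((l.strip()[:-1] for l in listing[i + 2:]
                     if l.strip().endswith(":")), None)
        # jne/jnz jump away when NOT equal, so fall-through is the "then"
        # branch; je/jz jump to "then" and fall through to "else".
        if mnemonic in ("jne", "jnz"):
            then_label, else_label = fall, target
        else:
            then_label, else_label = target, fall
        return {"reg": reg, "imm": imm, "then": then_label, "else": else_label}
    return None

def to_pseudo_c(branch: dict) -> str:
    """Render the recovered branch as the C-style pseudocode on the slide."""
    return (f"if ({branch['reg']} == 0x{branch['imm']:08X}) "
            f"{{ run {branch['then']} }} else {{ run {branch['else']} }}")

if __name__ == "__main__":
    print(to_pseudo_c(find_branch(LISTING)))
```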
:Types of Analysis:
Executable Files (.exe, .elf)
Office Docs (.xls, .doc, .pdf)
Scripting (JS, Python, Perl)
Memory Forensics
:Knowledge:
OS Internals
Intel x86 CPU & Assembly
File Formats
RFC's
Coding
:Tools:
Network Sniffer
Virtualization Vs HW Vs Cloud Sandbox
Monitoring Tools
Debugger (advanced)
Disassembler (advanced)
Malware!
Static Vs Dynamic
Static (Advanced): IDA Pro - Disassembler
Dynamic (Advanced): Olly - Debugger
Evasive Tactics
Code Obfuscation
VM Escape
Junk Code
IsDebuggerPresent API
Targets Specific OS
Time/Date Based
And Many More!!
:Personality Traits:
Team Player
Patient
Persistent
Inquisitive
Articulate
Crazy?!
Sharing IS Caring!
RTFM / Questions?