Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malware malicious software which is specifically designed to disrupt, damage, or gain authorized access to a computer system Analysis detailed examination.

Published byAubrey Tucker Modified over 6 years ago

Similar presentations

Presentation on theme: "Malware malicious software which is specifically designed to disrupt, damage, or gain authorized access to a computer system Analysis detailed examination."— Presentation transcript:

1 Malware malicious software which is specifically designed to disrupt, damage, or gain authorized access to a computer system Analysis detailed examination of the elements or structure of something showing the most basic knowledge about a subject

2 C:\>whoami

3 Threat Research & Incident Response Engineer
C:\>whoami Threat Research & Incident Response Engineer

4 Goals of Malware Analysis
Risk Impact Commodity Vs Targeted Defence! IOC’s / TTP’s Attribution Threat Intel Reports Fun! Profit!$$$

5 Dissasemble Source Code if (varX == 001EFD70) Assembly Code mov eax,varx Machine Code 8B F0 Binary Code Compile

6 :Code Patterns: mov eax, varX cmp eax, 0x01EFD704
jne code B Run code A jmp end if (varX == 0x01EFD704) { run code A } else { run code B } end

7 :Types of Analysis: Executable Files (. exe,. elf) Office Docs (. xls,
:Types of Analysis: Executable Files (.exe, .elf) Office Docs (.xls, .doc, .pdf) Scripting (JS, Python, Perl) Memory Forensics

8 :Knowledge: OS Internals Intel x86 CPU & Assembly File Formats RFC’s Coding

9 :Tools: Network Sniffer Virtualization Vs HW Vs Cloud Sandbox Monitoring Tools Debugger (advanced) Disassembler (advanced) Malware!

10 Static Vs Dynamic

11 Static (Advanced) IDA PRO - Disassembler

12 Dynamic (Advanced) Olly - Debugger

13 Evasive Tactics

14 Code Obfuscation VM Escape Junk Code IsDebuggerPresent API Targets Specific OS Time/Date Based And Many More!!

15 :Personality Traits: Team Player  Patient  Persistent  Inquisitive  Articulate  Crazy?!   

16

17 Sharing IS Caring!

18 RTFM /Questions?

Download ppt "Malware malicious software which is specifically designed to disrupt, damage, or gain authorized access to a computer system Analysis detailed examination."

Similar presentations

Practical Malware Analysis

Practical Malware Analysis
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.

Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.
Embedded Systems Programming Introduction to cross development techniques.

Embedded Systems Programming Introduction to cross development techniques.
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Course: Introduction to Computers

Course: Introduction to Computers
Types of software. Sonam Dema..

Types of software. Sonam Dema..
Automated Malware Analysis

Automated Malware Analysis
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.
F13 Forensic tool analysis Dr. John P. Abraham Professor UTPA.

F13 Forensic tool analysis Dr. John P. Abraham Professor UTPA.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
Application Security Tom Chothia Computer Security, Lecture 14.

Application Security Tom Chothia Computer Security, Lecture 14.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
High-level Languages.

High-level Languages.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
COMP25212: Virtualization Learning Objectives: a)To describe aims of virtualization - in the context of similar aims in other software components b)To.

COMP25212: Virtualization Learning Objectives: a)To describe aims of virtualization - in the context of similar aims in other software components b)To.
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Similar presentations

Ads by Google