In this video course, we start with the basic concepts of malware and you’ll get familiar with the different types of malware and the malware analysis process. Before moving on with the techniques of malware analysis, you’ll see how to set up your own lab to make a secure environment for malware analysis.
Moving on, you’ll get familiar with the basic techniques of static and dynamic malware analysis and get your hands dirty with debuggers and disassemblers such as OllyDbg and IDA Pro. You’ll learn how to analyze malware and understand its anatomy using these tools and techniques. Finally, you’ll be exposed to the techniques that malware may use to evade detection and remain undetected.
By the end of the course, you’ll have solid knowledge that will enable you to analyze the majority of malware programs.
The course has some hands-on sections to create basic familiarity with malware analysis environments; ensure the machine being used supports virtualization, preferably using VirtualBox or VMware. There are sections with testing elements that allow for knowledge gap analysis to ensure you can revisit any unclear sections. Looking forward to walking this journey with you and ensuring you gain interest in becoming a formidable incident responder or malware analyst/enthusiast going forward.
Introduction to Malware and Setting Up Your Own Lab
This video will give you an overview of the course.
In this video, we are going to take a look at what exactly malware is and why we need to learn malware analysis as a practice.
Understand what malware is and what components are required for any software to be considered malicious
Understand malware analysis practice
Gain insight on how malware analysis can benefit us and enrich our security practice
This video aims to give insight into what types of malware exist in the modern world and how they differ. This gives a better understanding, from a security perspective, of the role they play in the cyber security ecosystem.
Understand the most commonly used types of malware that are available in the world
Gain insight on the metrics used to classify the various discussed malware types
Understand the current shift or trend in the malware space, which will allow you to know what to protect against most and what the biggest threats are
This video aims to show the standard way of performing malware analysis, so as to gain a full understanding of breaking down malware.
Learn how to prepare for malware analysis
Explain the stages that are followed in the lifecycle of malware analysis, and how they relate to each other
See the types of malware analysis that would be performed.
Gain insight into how any malware analysis lab needs to take advantage of snapshots, which are essentially the states of virtual machines at a given point in time.
Understand what snapshots are in order to appreciate the role they play in malware analysis
See how snapshots become paramount, why we need them, and in what scenarios we can use them
Learn to use snapshots correctly and configure them appropriately.
One of the key things in malware analysis is not only using an already built lab but learning to set one up in a way that allows customization and security based on one’s resources. This video takes us through the process of setting up a simple and secure analysis lab.
Learn how to set up a basic virtual machine to host the lab and its constituents, that is, the guest operating systems
Once the lab is set up, equip it with the right tools of the trade to perform malware analysis
See how to tweak the virtual machine a bit in order to begin securing it. This makes you not just a user of a lab but a professional who can implement a lab based on different needs
In this video, we will understand that it is important to know some of the agreed and non-agreed conventions in malware analysis in order to stay safe.
Explain why malware analysis is risky, the care that has to be taken when performing analysis, and some safeguards to be considered
Prepare a checklist of things to do and not do when analyzing malware so that you are adequately prepared for it
Questions to test your understanding of the concepts in this section.
Dynamic Malware Analysis
In this video, we are going to take a look at what exactly dynamic analysis is and why we need to learn how to study malware behaviour.
Understand what dynamic analysis is all about
Understand why we need to learn to perform dynamic analysis/behavioral analysis in study of malware
Gain an overview on how to perform dynamic analysis
This video aims to give insight into how to monitor system processes, which is one aspect of dynamic analysis, and to understand the execution of malware and its effect on system processes through its lifecycle.
Understand how to monitor system processes in order to detect changes to them that would have a negative effect
Learn why we monitor these processes to detect anomalies
Gain insight into the things to look out for when monitoring processes, which will equip you with the necessary knowledge to keep track of process anomalies
This video aims to show the standard way of performing network traffic analysis so as to gain insight as to possibilities of information exfiltration or communication with a command and control centre.
Learn why network traffic analysis is needed and when it becomes applicable in malware analysis
Learn how to perform traffic analysis to differentiate good traffic from bad traffic and the tools that can be used for this
Learn about the things to look out for during traffic analysis; this will equip you with the ability to quickly detect anomalies in information being sent to and from the network
This video aims to introduce the user to debuggers and why they are a key asset in dynamic malware analysis.
Understand what debuggers are in order to appreciate the role they play in malware analysis
Gain insight as to what role debuggers play and when we can use them
Understand various terms associated with debuggers in order to appreciate their features, which will prepare you for using debuggers in later videos
One of the key things in proactive malware handling is detecting local changes to systems; this video gives insight as to some of the strategies for this.
Understand why there is a need to keep track of local changes in order to ensure all assets in the ecosystem conform
Understand how to detect local changes and the strategies that can be employed
Understand how to leverage various tools and capabilities that can help with detecting local changes to systems
This video aims to single out one of the debuggers that is commonly used and is easy to use in the dynamic malware analysis space.
Learn a bit about OllyDbg and get an overview of what it is and what it does
Gain a bit of understanding as to why OllyDbg is highly preferred
Understand some of the key features that differentiate it from other debuggers, or rather make it friendlier, so that you can appreciate why it is needed
This video aims to utilize the knowledge gained in the two previous videos on debuggers to perform a basic analysis using OllyDbg.
Learn how to use OllyDbg for malware analysis, its key features, and how they interconnect during actual analysis
Learn how to relate the concepts learned in order to use the debugger more effectively and the things to look out for
Perform a basic analysis on the malware samples provided using OllyDbg
This quiz tests your understanding of the concepts of malware behaviour
Static Malware Analysis
In this video, we are going to take a look at what exactly static analysis is and why we need to learn how to study malware artefacts.
Understand what static analysis is and its importance
Understand why we would choose and use static analysis as a mode of malware analysis
Gain an overview of how to perform static analysis
This video aims to introduce the user to the x86 instruction set so that they can understand, from a low-level language perspective, how the machine interprets instructions, including those of malware.
Get an overview of the x86 architecture and the ABCD registers
Understand the structure of registers and what function each performs, which also includes an understanding of the memory space for each register
Get a simple but practical example of how to interpret x86 assembly when the source is not available, which will enable you to understand common interactions with memory and how it is allocated
This video aims to introduce the user to various file formats so that they can understand various forms in which malware is distributed.
Learn about the various forms in which malware is distributed
Understand from examples how to identify the distribution file format using signatures, making it easier to identify them
Gain insight into how to identify malware regardless of the file format it is distributed in
This video shows the user some introductory techniques in extracting information and interpreting it in a useful manner for malware analysis.
Get an overview of malware binaries to understand how this is applicable
Understand what information is sought in malware binaries that may aid with further analysis
Perform a basic static analysis to extract relevant information from sample malware, so that you know in practice which artefacts may be helpful
This video aims to give you insight into imported functionality when it comes to malware binaries.
Learn what imports and linked files are and why they exist and are used
Learn about various tools that can be used to identify imports and linked files
Understand by example how imports are found and how to interpret them
This video introduces a key concept: the use of disassemblers as a tool of the trade in static analysis.
Learn about what disassemblers are and the role they play in malware analysis
Understand when usage of a disassembler is important and useful
Learn about some common disassemblers used in day-to-day operations, in case you want to try them out
This video singles out one of the disassemblers (IDA Pro), its features and some useful things within it.
Learn about IDA Pro as a disassembler and what it has to offer
Understand when using IDA Pro is important and useful
Learn about some of the key features of IDA Pro to be used in a later video when practically utilizing them
This video aims to show some of the IDA Pro features learnt about earlier and how they apply to dissecting malware in practice.
Learn about how to import samples into IDA Pro
Understand how information from earlier static analysis is key to make use of before importing executables into IDA Pro
Perform an analysis on the imported malware sample using IDA Pro and gain insight into the replicator and the bomb based on previous concepts
This quiz tests your understanding of concepts around binaries and information you can retrieve from them.
Malware Evasion Techniques
In this video, we will enhance our knowledge of debugging and how malware prevents itself from being debugged or executed while being monitored.
Learn about some more debugging terms that are related to the subject of evasion
Understand how debuggers work in a bit more detail and strategies that are possible due to this workflow
Learn what strategies are used to evade debuggers and why they work, including an example of this in action
This video aims to give the user an understanding of how malware avoids disassembly when an analyst is trying to get under its hood.
Learn about what anti-disassembly is
Understand the importance of anti-disassembly to a malware developer and its effect on a malware analyst
Learn and understand how malware identifies disassemblers and how it attempts to frustrate disassembly efforts in order to remain hidden for longer
This video aims to introduce the user to ways in which malware evades sandboxes and also how it will identify sandbox environments.
Understand what virtual machines are in the context of malware analysis
Understand how virtual machines are structured and how they work/differ from physical machines
Gain an understanding of how malware can inspect its environment to determine whether it is running within a virtual machine
This video aims to explain what data encoding is. This is key to understanding when data is misrepresented during malware analysis.
Understand what data encoding is
Understand the purpose of data encoding in malware analysis/development and how it increases complexity
Learn about the various strategies that may be employed to hide information/data within malware
This video aims to teach the user about how malware can re-create itself to have several generations of the same malware with differences.
Understand what polymorphism and metamorphism are and the purpose they serve
Understand how polymorphism works and how it’s used
Learn from examples about how polymorphism would work in real life
The last video of this section aims to put everything learnt together and give an understanding of a few other strategies, not covered earlier, that malware uses to remain stealthy.
Learn about various strategies not discussed before that would still be used to evade detection
Learn through examples how the anti-detection strategies work and view detection rates
Perform a section recap to glue together everything learnt in this unit of malware evasion techniques
This quiz section tests your understanding of evasion and anti-analysis techniques