Skip to content

Latest commit

 

History

History
103 lines (83 loc) · 6.88 KB

README.md

File metadata and controls

103 lines (83 loc) · 6.88 KB
Raw

Malware Analysis Resources

Malware is any software intentionally designed to cause disruption to a computer, erver, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. The main role of a malware analyst is to understand how malware works, what it is designed to do, and how to prevent it from causing harm to computer systems and networks. There are mainly two ways to analyze a malware.

  1. Static Analysis
  2. Dynamic Analysis

Static Analysis

1. Basic static analysis

  • View malware without looking at instructions.
  • Tools: VirusTotal, strings.
  • Quick and easy but fails for advanced malware and can miss important behavior.
  • Examines malware without running it.
  • Tools: VirusTotal, strings, a disassembler like IDA Pro (A disassembler is a computer program that translates machine language into assembly language).

2.Advanced static analysis

  • Reverse-engineering with a disassembler.
  • Complex, requires understanding of assembly code.

Dynamic Analysis

  • Run the malware and monitor its effect
  • Use a virtual machine and take snapshots
  • Tools: RegShot, Process Monitor, Process Hacker, CaptureBAT
  • RAM Analysis: Mandant Redline and Volatility

1. Basic dynamic analysis

  • Easy but requires a safe test environment
  • Not effective on all malware

2.Advanced Dynamic Analysis

  • Run code in a debugger.
  • Examines internal state of a running malicious executable.

👉 THE FUNDAMENTAL

Resources Link
Architecture 1001: x86-64 Assembly on OpenSecurityTraining2 by Xeno Kovah Link
Architecture 1001: x86-64 Assembly on OpenSecurityTraining2 by Xeno Kovah Link
Learn C Link
Malware Analysis Fundamentals by MalwareAficionado Link

👉 MALWARE ANALYSIS 101

Resources Link
How can you start learning Malware Analysis by Lenny Zeltser Link
Malware Analysis and Reverse Engineering Study Plan for Beginners by Alex Perotti Link
Malware Noob2Ninja Course by Neil Fox Link
Malware Analysis in 5+ Hours - Full Course - Learn Practical Malware Analysis by HuskyHacks Link
Malware Analysis Bootcamp by HackerSploit Link

👉 TOOLS

Name Description Link
Virustotal Overall scan the files and gives initial context about the malware Link
HashCalc GUI tool to calculate hash of a malware Link
PEiD PEiD detects most common packers, cryptors and compilers for PE files Link
PE Studio Explore PE Header of a malware Link
TrID Commandline utility to verify binary signature with malicious files Link
Microsoft Sysinternals A suite of program use in various analysis Link
Process Explorer Hierarchical view of processes Link
PE Explorer Inspect PE header of the malware and overall inside of the malware Link
Procmon Monitor every process in the system Link
TCP View Track TCP traffic for the host machine Link
Apate DNS GUI tool to capture DNS request Link
REGShot Take registry shots before and after malware execution to detect registry changes in the system Link
HxD A easy to use GUI to searching and replacing, exporting, checksums/digests, insertion of byte patterns, a file shredder, concatenation or splitting of files, statistics of the malware Link
Resource Hacker It used to add, modify or replace most resources within Windows binaries including strings, images, dialogs, menus, VersionInfo and Manifest resources Link
IDA Pro A de-compiler form high level to low. Great for static analysis Link
Ollydbg OllyDbg is a popular debugger for Windows that is commonly used for software reverse engineering, debugging, and malware analysis. It allows users to analyze and modify the behavior of binary code running on Windows systems. Best for Dynamic Analysis Link
Flare VM A script that turns a windows VM into a malware analysis VM installing all the necessary tools and utility Link

👉 EXERCISE

Resources Link
Malware Traffic Analysis by the community Link
Reverse Engineering for Beginners by Ophir Harpaz Link
BlueYard - BlueTeam Challenges Link
MAL: Malware Introductory Link
Basic Malware RE Link
MAL: Researching Link
Dissecting PE Headers Link
The Basic Static Analysis Link
The Basic Dynamic Analysis Link

👉 CHEAT SHEET

Resource Link
Cheat Sheet for Analyzing malicious software by Lenny Zeltser Link
Analyzing Malicious Documents Cheat Sheet by Lenny Zeltser Link

👉 𝗠𝗔𝗟𝗪𝗔𝗥𝗘 𝗗𝗘𝗩𝗘𝗟𝗢𝗣𝗠𝗘𝗡𝗧

Resources Link
Awesome Malware Development by rootkit-io Link
Malware Development par 1 of 9 by 0xPat Link