Join Malcolm Shore for an in-depth discussion in this video, Disclaimer, part of Ransomware: Practical Reverse Engineering.
- [Instructor] This course uses a range of third-party tools. Some are commercial products and some are open-source. The download and installation instructions for all tools used in this course are available as a PDF in the associated course material. While we've done our best to ensure that the tools we use and the sites we reference are legitimate, testing sites can be targets for hackers, and we can't provide any assurance that these sites might not have been compromised when you visit them. Some of the sites which store the testing tools are detected as dangerous because the tools have similar signatures to malware and may raise antivirus alerts when you visit them.
During this course, we'll analyze live malware executables. However, with the correct handling, you'll be able to avoid any adverse activity. You need to make sure the system you use is isolated, exercise due diligence, and take personal responsibility for anything you load into your system.
- Considering malware in families
- Installing and running the IRMA reverse engineering malware detection system
- Using the VxStream service
- Enumerating auto-runs
- Using netstat and Nmap to identify open connections
- Looking at processes
- Disassembling with IDA
- Unpacking files