- Considering malware in families
- Installing and running the IRMA reverse engineering malware detection system
- Using the VxStream service
- Enumerating auto-runs
- Using netstat and Nmap to identify open connections
- Looking at processes
- Disassembling with IDA
- Unpacking files
Skill Level: Intermediate
- [Malcolm] Cyber security has developed rapidly over the last 10 years or so, from a novel way of sharing information to a ubiquitous technology that supports government, business, and society. The internet is no longer an optional part of daily life; it's a data utility as important as the power and water utilities that we depend upon. The internet and the applications that we run on it are now part of the critical infrastructure of a nation. While power and water utilities are designed to be safe and reliable, the internet is yet to become a safe place to connect.
The internet is swarming with thousands, if not millions, of forms of malware, written to steal identities, extract funds, conduct espionage, or deny the privacy of individuals. Whatever the intent, it's malicious. I'm Malcolm Shore, and I've spent a career helping governments and businesses protect their networks and systems against cyber attacks. In this course, I'll be introducing the techniques and tools required to reverse engineer malware.
We'll look at how we approach static and dynamic malware analysis and the tools that we can use to do that. I'll look at how we use static analysis to identify the structure of malware and begin to understand it, and how we use dynamic analysis to determine the behavior of malware. I'll also look at how researchers group malware into families as a way of understanding the code-based history and the commonality this brings. I'll look at Wcrypt, the WannaCry malware, as a case study in understanding how malware works.
Now let's get started with malware reverse engineering.