Join Malcolm Shore for an in-depth discussion in this video, What you should know before watching this course, part of Ransomware: Practical Reverse Engineering.
- [Instructor] This is a practical course, and during this course, I'll be using primarily Windows-based tools. I'll be using mostly public domain tools for testing, and I'll be working with machine code and assembler as we analyze malware. You should have completed my introductory course on exploits, which introduces both assembler and debugging, then use these tools yourself to become familiar with them. At the minimum, you should know the basic concepts of assembler, registers, the stack, and the instruction set.
Malware reverse engineering is a challenging pursuit, and this course is not for the faint-hearted. You should be competent in the design of computer systems and network protocols, and be familiar with cryptography. You should have a strong desire to understand the techniques used by cyber attackers and learn the ways in which you can defeat them. Becoming a competent malware reverse engineer takes a little learning and a lot of experience, but if you persist, then you'll be in the rare class of elite cyber security professionals.
- Considering malware in families
- Installing and running the IRMA reverse engineering malware detection system
- Using the VxStream service
- Enumerating auto-runs
- Using netstat and Nmap to identify open connections
- Looking at processes
- Disassembling with IDA
- Unpacking files