getting started with malware analysis judith van stegeren
play

Getting started with malware analysis Judith van Stegeren - PowerPoint PPT Presentation

Nov 01, 2022 •29 likes •119 views

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

  1. Getting started with malware analysis Judith van Stegeren

  2. Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware analysis : the art of dissecting malware to understand how it works, how to identify it and how to defeat or eliminate it.

  3. Malware analysis: what, why, when, who

  4. Building a malware lab

  5. Building a malware lab: hardware and network http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/ Building-Malware-Analysis-Lab.html

  6. Types of malware analysis 1. Static analysis aka code analysis 2. Dynamic analysis aka behavioral analysis https://zeltser.com/mastering-4-stages-of-malware-analysis/

  7. Demo

  8. Want to know more? ◮ Practical malware analysis , Honig & Sikorski (also includes labs) ◮ A curated list of awesome malware analysis tools and resources: https: //github.com/rshipp/awesome-malware-analysis ◮ Open Courseware: http://github.com/RPISEC/Malware (course on malware analysis based on the book ‘Practical malware analysis’) ◮ anything by Lenny Zeltser (webcasts, blog articles) ◮ Digital Forensics Blog, SANS: https://digital-forensics.sans.org/blog/ ◮ http://tuts4you.com for tutorials on reverse engineering ◮ http://crackmes.de for crackme/reverseme executables to reverse :)

  9. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Breaking the bank Tracing defacers through a company network Judith van Stegeren After my

Breaking the bank Tracing defacers through a company network Judith van Stegeren After my

Breaking the bank Tracing defacers through a company network Judith van Stegeren After my graduation After my graduation Where I work Where I work What I do Demo Incident Response for fictional bank Zone-H: defacement registry Defacement

782 views • 39 slides
The Incident Responders Toolkit the stuff they dont teach you in school Judith van Stegeren

The Incident Responders Toolkit the stuff they dont teach you in school Judith van Stegeren

The Incident Responders Toolkit the stuff they dont teach you in school Judith van Stegeren After my graduation After my graduation Where I work Skill set What I do What I do Case study: incident response Incident Response for fictional

709 views • 39 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev Stuxnet (2009) Organization Core a large .dll file 2 encrypted configuration files Dropper component Core in a stub section

703 views • 43 slides
T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide Balzarotti ACSAC, Orlando, Florida, 3-7 December 2012 Malware Analysis Scenario Analysis based on Sandboxes (API Hooking, Emulation)

798 views • 23 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim Boojoong Kang Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics 1.Introduction Malware variants developed using automated tools

206 views • 20 slides
Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life Cycle CSU Cybersecurity Center Computer Science Dept 1 1 Topics Vulnerability Life Cycle Vulnerability Discovery models 2 Vulnerability

805 views • 46 slides
IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd

IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd

IPv6 Implications for TCP/UDP Port Scanning Tim Chown tjc@ecs.soton.ac.uk IETF 65, March 23rd 2006 Dallas, TX draft-chown-v6ops-port-scanning-implications-02 Rationale The goals of the document are currently to Note the properties of

635 views • 6 slides
Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C.

Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C.

Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman Department of Computer Science University of Arizona Presented By: Mohamed Hassan Code Injection What

227 views • 12 slides
DFAs, REs & Scanning Finite set of states: S Finite alphabet: A Transition function: a b

DFAs, REs & Scanning Finite set of states: S Finite alphabet: A Transition function: a b

DFAs, REs & Scanning Finite set of states: S Finite alphabet: A Transition function: a b T: SxA -> S A B C Start State: s Set of final states f1..fn c a A,a: B B,b: C D C,c: D D,a: A c D,c: D with s = A and F = {A,

660 views • 24 slides
Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top

Vembu BDR Suite Vembu Technologies 100+ Decade + G2 crowd Countries Experience Top Leaders-2019 www.vembu.com How to protect your business from a Ransomware attack? What is Ransomware? Types of Ransomware How it attacks? Stats for year

454 views • 16 slides
Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter

Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter

The Aerospace & Defense Forum Arizona Chapter March 9, 2017 Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter Senior Manager, Cybersecurity Services Brandon.Gunter@mossadams.com (206)

255 views • 11 slides
NCALC Police & Crime Plan 2016 www.northantspcc.org.uk Northamptonshire 308,000

NCALC Police & Crime Plan 2016 www.northantspcc.org.uk Northamptonshire 308,000

NCALC Police & Crime Plan 2016 www.northantspcc.org.uk Northamptonshire 308,000 Households 268 Parishs 2500 miles of Roads Nearly 750,000 people www.northantspcc.org.uk TEAMWORK www.northantspcc.org.uk We have Data, But

305 views • 17 slides
AN ANALYSIS OF TRUST IN SMART HOME DEVICES Davide Ferraris PhD Student @ University of Malaga,

AN ANALYSIS OF TRUST IN SMART HOME DEVICES Davide Ferraris PhD Student @ University of Malaga,

AN ANALYSIS OF TRUST IN SMART HOME DEVICES Davide Ferraris PhD Student @ University of Malaga, NICS lab Daniel Bastos Senior Researcher @ British Telecom Co-Authors: Dr. Carmen Fernandez Gago, Dr. Fadi El-Moussa, Prof. Javier Lopez 1 21

386 views • 15 slides

More recommend