Oreilly - Advanced Malware Analysis
by Munir Njenga | Publisher: Packt Publishing | Release Date: September 2018 | ISBN: 9781788627146
Understand malware behavior and evade it using IDA Pro, OllyDbg, and WINDBG

About This Video
- Master advanced malware analysis topics
- Hands-on experience with popular analysis tools
- Covers advanced topics on malware behavior and evasion

In Detail
In this video course, we cover advanced malware analysis topics. Towards this goal, we first understand the behavior of different classes of malware. Such knowledge helps us to easily categorize malware based on its characteristics. We see how sophisticated malware can use techniques to either evade detection or increase its damage and access to the system. Then we learn advanced techniques in static and dynamic malware analysis and cover the details and powerful features of OllyDbg, IDA Pro, and WINDBG. We also explore defense mechanisms against malware, create a signature for malware, and set up an intrusion detection system (IDS) to prevent attacks. Finally, we cover the concept of packers and unpackers, and explore how to unpack packed malware to analyze it. The code bundle for this video course is available at https://github.com/PacktPublishing/-Advanced-Malware-Analysis
- Chapter 1 : Exploring Malware Functionalities
- The Course Overview 00:04:19
- Backdoors 00:10:57
- Keyloggers and Information Stealers 00:06:37
- Downloaders 00:05:55
- Ransomware 00:09:05
- Rootkits 00:09:04
- Chapter 2 : Malware Advanced Techniques
- Privilege Escalation 00:07:32
- Persistence Methods 00:04:36
- Data Encoding 00:08:36
- Covert Launching Techniques 00:07:08
- Chapter 3 : Advanced Dynamic Malware Analysis
- Using a Debugger 00:03:12
- An Overview of the Windows Environment 00:07:20
- User Mode Debugging 00:05:44
- Malware Analysis Using OllyDbg 00:15:43
- Features of OllyDbg 00:11:12
- Kernel Mode Debugging 00:03:25
- Malware Analysis Using WINDBG 00:08:21
- Features of WINDBG 00:05:52
- Chapter 4 : Advanced Static Malware Analysis
- Advanced Notes on the x86 Architecture 00:08:34
- How a Disassembler Can Help Us 00:04:30
- Loading and Navigating Using IDA Pro 00:09:40
- Functions in IDA 00:07:49
- IDA Pro Graphic Features 00:07:28
- Analysing Malware Using IDA Pro 00:08:40
- Chapter 5 : How to Detect and Defend against Malware in a Network
- Malware Detection Techniques 00:04:58
- Steps to Clean a Compromised Network 00:05:07
- How Intrusion Detection Systems Work 00:02:22
- An Introduction to Snort 00:02:09
- How to Setup Snort? 00:12:24
- How to Create a Signature? 00:07:14
- Why Hybrid Analysis? 00:04:22
- Chapter 6 : How to Deal with Evasive Malware
- How Do Packers Work? 00:02:38
- How to Detect Packed Malware? 00:05:11
- How to Unpack a Malware Program? 00:03:16
- Examples of Unpacking a Malware Program 00:12:31