A Start-to-Finish Guide to Malware Analysis!: 2-in-1
- 6 hours on-demand video
- 1 downloadable resource
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
- Learn advanced dynamic and static malware analysis.
- Gain experience in working with OllyDbg, WINDBG, and IDA Pro.
- Know how to detect and defend against malware.
- Master how packers and unpackers work.
- Prior knowledge of the concepts of malware analysis will be useful (not mandatory).
Are you worried about malware intruding into your system, and looking forward to analyzing it? Then this course is the one you're looking for! Threat analysis is an ongoing process that helps identify patterns in malicious software. With hackers regularly rebuilding their network infrastructure, it is easy to lose sight of the tools being used. Beginning with malicious program analysis, this course is centered on mapping vulnerabilities, exploits, network infrastructure, additional malware, and adversaries!
This comprehensive 2-in-1 course is an easy-to-follow guide with a step-by-step approach that will get you up and running with the key concepts of malware analysis, malware behavior, and evasion! You'll learn the art of detecting, curing, and preventing future malware threats. Master advanced malware analysis topics and tools like IDA Pro, OllyDbg, and WINDBG! Finally, you'll tackle malware evasion using various types of malware analysis tools and techniques!
By the end of the course, you’ll explore the basic concepts of malware and get familiar with various types of malware analysis tools and techniques like IDA Pro, OllyDbg, and WINDBG to tackle malware threats!
Contents and Overview
This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Fundamentals of Malware Analysis, covers the basic concepts of malware and gets you familiar with various types of malware analysis tools and techniques. In this video course, we start with the basic concepts of malware, and you'll get familiar with the different types of malware and the malware analysis process. Before moving on to the techniques of malware analysis, you'll see how to set up your own lab to make a secure environment for malware analysis. Moving on, you'll get familiar with the basic techniques of static and dynamic malware analysis and get your hands dirty with debuggers and disassemblers such as OllyDbg and IDA Pro. You'll learn how to analyze malware and understand its anatomy using these tools and techniques. Finally, you'll be exposed to the techniques that malware may use to evade detection and remain undetected. By the end of the course, you'll have solid knowledge that will enable you to analyze the majority of malware programs.
The second course, Advanced Malware Analysis, covers understanding malware behavior and evasion using IDA Pro, OllyDbg, and WINDBG. In this video course, we cover advanced malware analysis topics. Towards this goal, we first understand the behavior of different classes of malware. Such knowledge helps us to easily categorize malware based on its characteristics. We see how sophisticated malware can use techniques to either evade detection or increase its damage and access to the system. Then we learn advanced techniques in static and dynamic malware analysis and cover the details and powerful features of OllyDbg, IDA Pro, and WINDBG. We also explore defense mechanisms against malware, create a signature for malware, and set up an intrusion detection system (IDS) to prevent attacks. Finally, we cover the concept of packers and unpackers and explore how to unpack packed malware to analyze it.
By the end of the course, you’ll explore the basic concepts of malware and get familiar with various types of malware analysis tools and techniques like IDA Pro, OllyDbg, and WINDBG!
About the Author
Munir Njenga is a self-driven, multi-talented, technology enthusiast, cybersecurity consultant, and researcher. He mainly focuses on malware analysis, and web- and mobile-based application testing and methodologies. His skills and competencies stem from his active involvement in engagements that deliver advisory services such as network security reviews, security course development, training and capacity building, mobile and internet banking security reviews (BSS, MSC, HLR/AUC, IN, NGN, GGSN/SGSN), web applications, and network attack and penetration testing. Apart from his security hat, he is a poet, graphic designer, blogger, tool/application tester, social media marketer, web 2.0 developer and designer, naturalist, and traveler.
- Security Professionals and Incident Responders who want to perform deep malware analysis as well as gain knowledge about how to detect malware and defend against it!
In this video, we are going to take a look at an introduction as to what exactly malware is and why we need to learn malware analysis as a practice.
Understand what malware is and what components are required for any software to be considered malicious
Understand malware analysis practice
Gain insight on how malware analysis can benefit us and enrich our security practice
This video aims to give insight into what types of malware exist in the modern world and how they differ. This gives a better understanding, from a security perspective, of the role they play in the cyber security ecosystem.
Understand the most commonly used types of malware that are available in the world
Gain insight on the metrics used to classify the various discussed malware types
Understand the current shift or trend in the malware space, which will allow you to know what to protect against most and what the biggest threats are
This video aims to show the standard way of performing malware analysis, so as to gain a full understanding of breaking down malware.
Learn how to prepare for malware analysis
Explain the stages in the lifecycle of malware analysis that are followed, and how they relate to each other
See the types of malware analysis that would be performed.
One of the key things in malware analysis is not only using an already built lab but learning to set one up in a way that allows customization and security based on one's resources. This video takes us through the process of setting up an easy and secure analysis lab.
Learn how to set up a basic virtual machine to host the lab and its constituents, that is, the guest operating systems
Equip the lab with the right tools of trade to perform malware analysis once done with setting up a lab
See how to tweak the virtual machine a bit in order to begin securing it. This makes you not only a user of a lab but a professional who can implement a lab based on different needs
Gain insight on how any malware analysis lab needs to take advantage of using snapshots, which are basically states of virtual machines as of a given point in time.
Understand what snapshots are in order to appreciate the role they play in malware analysis
See why snapshots become paramount, gaining insight into why we need them and in what scenarios we can use them
Learn to use the snapshots correctly so that one can also configure their snapshots appropriately.
In this video, we will understand that it is important to know some of the agreed and non-agreed conventions in malware analysis in order to stay safe.
Explain how malware analysis is risky and care has to be taken in performing analysis, and some safeguards to be considered
Prepare a checklist of things to do and not do when analyzing malware so that you are adequately prepared for it
In this video, we are going to take a look at an introduction as to what exactly dynamic analysis is and why we need to learn how to study malware behaviour.
Understand what dynamic analysis is all about
Understand why we need to learn to perform dynamic analysis/behavioral analysis in study of malware
Gain an overview on how to perform dynamic analysis
This video aims to give insight into how to monitor system processes, which is one aspect of dynamic analysis, and to understand the execution of malware and its effect on system processes through its lifecycle.
Understand how to monitor system processes in order to detect changes to them that would have a negative effect
Learn why we monitor these processes to detect anomalies
Gain insight into the things to look out for when monitoring processes, which will equip you with the necessary knowledge to keep track of process anomalies
This video aims to show the standard way of performing network traffic analysis so as to gain insight into possible information exfiltration or communication with a command and control centre.
Learn why the network traffic analysis is needed and when it becomes applicable in malware analysis
Learn how to perform traffic analysis to differentiate good traffic from bad traffic and the tools that can be used for this
Learn about the things to look out for during traffic analysis; this will equip you with the ability to quickly detect anomalies in information being sent to and from the network
One of the key things in proactive malware handling is detecting local changes to systems; this video gives insight as to some of the strategies for this.
Understand why there is a need to keep track of local changes in order to ensure all assets in the ecosystem conform
Understand how to detect local changes and the strategies that can be employed
Understand how to leverage various tools and capabilities that can help with detecting local changes to systems
This video aims to introduce the user to debuggers and why they are a key asset in dynamic malware analysis.
Understand what debuggers are in order to appreciate the role they play in malware analysis
Gain insight as to what role debuggers play and when we can use them
Understand various terms associated with debuggers in order to appreciate their features, which will prepare you for the usage of debuggers in later videos
This video aims to single out one of the debuggers that is commonly used and is easy to use in the dynamic malware analysis space.
Learn a bit about OllyDbg and get an overview of what it is and what it does
Gain a bit of understanding as to why OllyDbg is highly preferred
Understand some of the key features that differentiate it from other debuggers, or rather make it friendlier, enabling the user to appreciate its need
This video aims to utilize the knowledge gained in the two previous videos on debuggers to perform a basic analysis using OllyDbg.
Learn how to use OllyDbg for malware analysis and the key features and how they interconnect during actual analysis
Learn how to relate the concepts learned in order to use the debugger more effectively and the things to look out for
Perform a basic analysis on the malware samples provided using OllyDbg
In this video, we are going to take a look at an introduction as to what exactly static analysis is and why we need to learn how to study malware artefacts.
Understand what static analysis is and its importance
Understand why we would choose and use static analysis as a mode of malware analysis
Gain an overview of how to perform static analysis
This video aims to introduce the user to the x86 instruction set so that they can understand, from a low-level language perspective, how the machine interprets instructions, even for malware.
Learn about an overview of the x86 architecture and the ABCD of registers
Understand the structure of the registers and what function each performs, including the memory space for each register
Get a simple but practical example of how to interpret x86 assembly when source is not available, which will enable you to understand common interactions within memory and how it is allocated
This video aims to introduce the user to various file formats so that they can understand various forms in which malware is distributed.
Learn about the various forms in which malware is distributed
Understand from examples how to identify the file format of distribution using signatures, making it easier to identify them
Gain insight on how to identify malware regardless of the file format it's distributed in
This video shows the user some introductory techniques in extracting information and interpreting it in a useful manner for malware analysis.
Learn about malware binaries in an overview just to understand how this is applicable
Understand what information is sought in malware binaries that may aid with further analysis
Perform a basic static analysis to extract relevant information from sample malware, enabling you to know in practice which artefacts may be helpful
This video aims to give you insight into imported functionality when it comes to malware binaries.
Learn about what imports and linked files are and reasons why they exist and are used
Learn about various tools that can be used to identify imports and linked files
Understand by example how imports are found and how to interpret them
This video brings about a key concept on the use of disassemblers as a tool of trade in static analysis.
Learn about what disassemblers are and the role they play in malware analysis
Understand when usage of a disassembler is important and useful
Learn about some common disassemblers in day-to-day use in the event you want to try them out
This video singles out one of the disassemblers (IDA Pro) and its features and some nice things to use within it.
Learn about IDA Pro as a disassembler and what it has to offer
Understand when usage of IDA Pro is important and useful
Learn about some of the key features of IDA Pro to be used in a later video when practically utilizing them
This video aims to show some of the IDA Pro features learnt about earlier and how applicable they are in dissecting malware practically.
Learn about how to import samples into IDA Pro
Understand how previous information from static analysis is key in utilizing it before importing executables into IDA Pro
Perform an analysis on an imported malware sample using IDA Pro and gain insight into the replicator and the bomb based on previous concepts
In this video, we will enhance our knowledge of debugging and how malware prevents itself from being debugged or executed while being monitored.
Learn about some more debugging terms that are related to the subject of evasion
Understand how debuggers work in a bit more detail and strategies that are possible due to this workflow
Learn what strategies are used to evade debuggers and why they work, including a working example
This video aims to give the user an understanding of how malware avoids disassembly when an analyst is trying to get under its hood.
Learn about what anti-disassembly is
Understand the importance of anti-disassembly to a malware developer and its effect on a malware analyst
Learn and understand how malware identifies disassemblers and how it attempts to frustrate the efforts of disassembly to remain hidden for a longer time
This video aims to introduce the user to ways in which malware evades sandboxes and also how it will identify sandbox environments.
Understand what virtual machines are from a malware analysis perspective
Understand how virtual machines are structured and how they work/differ from physical machines
Gain an understanding of how malware can identify an environment to determine existence within a virtual machine
This video aims to explain what data encoding is. This is key to understanding when data is misrepresented during malware analysis.
Understand what data encoding is
Understand the purpose of data encoding in malware analysis/development and how it increases complexity
Learn about the various strategies that may be employed to hide information/data within malware
This video aims to teach the user about how malware can re-create itself to have several generations of the same malware with differences.
Understand what polymorphism and metamorphism are and the purpose they serve
Understand how polymorphism works and how it’s used
Learn from examples about how polymorphism would work in real life
The last video of this section aims to put everything learnt together and give an understanding of a few other strategies not covered initially in malware remaining stealthy.
Learn about various strategies not discussed before that would still be used to evade detection
Learn through examples how the anti-detection strategies work and view detection rates
Perform a section recap to glue together everything learnt in this unit of malware evasion techniques
We are going to learn what exactly backdoors are and how they operate through examples.
Understand what malware is, what backdoors are, and what types of backdoors are available
Understand each type of backdoor target in a system
Gain insights through some examples of backdoors and their true intent in the systems they target.
Learn what keyloggers are and how they contribute to information theft. Additionally, gain insight into how they operate.
Understand what keyloggers and information stealers are by intent
Understand the various methods they use to get information out of a system to an attacker
Get a workflow of keylogger and information stealer delivery all the way to exfiltration. This gives insights that can be used for various analyses.
This video gives an understanding of the various stages of a malware attack and how downloaders contribute to the cycle. It also discusses the modes of distribution to give insights for prevention.
Understand the five stages of a malware attack
Understand the role of downloaders in the stages of a malware attack
Gain insights into how downloaders are spread to prevent them from landing on a network.
Ransomware has been one of the biggest threats in the current malware space. This video aims to give an understanding of what ransomware is and what distinguishes it from other malware.
Understand what ransomware is and how it differs from other forms of malware
Gain an understanding of the working of ransomware and various examples of it
Understand how to prevent infection through ransomware. These practices not only help in day-to-day use but are also applicable to analysts and for preventing self-infection.
Rootkits are very sophisticated forms of malware and this video explores what they are, their effects, and various types of rootkits in the wild.
Gain an understanding of what rootkits are and various components that make up a rootkit
Understand the various layers a rootkit affects and what that means in terms of impact
Learn the various types of rootkits and what it means when they successfully infect a host. This is useful for analysis strategies
See what exactly privilege escalation is and its various manifestations as well as types.
Learn what privilege escalation is and the main causes of privilege escalation
Understand the various types of privilege escalations that occur on systems
Gain insights through some examples of privilege escalation and the role they play on the systems they target
In this video, we will cover various methods in which launching of malware is done covertly, and learn what this actually is.
Understand what covert launching techniques are
Gain an understanding of the purpose of covert launching techniques in the malware development/analysis space
Walk through the various elements covered in the section to see how they relate to each other
This video aims to impart knowledge of the Windows environment and its structure. The main focus is on three layers: application, user, and kernel mode.
Understand the basic structure of the Windows components
Understand the purpose of each layer in relation to underlying hardware
Learn about what is contained in the various layers and the purpose of each component
This video gives an understanding of what user mode debugging is, its characteristics and usage, as well as some examples of user mode debuggers.
Understand what is meant by user mode debugging
Identify debuggers that use user mode debugging
Understand some key, unique characteristics of user mode debugging
In this video, we will cover how to use OllyDbg in a slightly more advanced way for user mode debugging.
Walk through OllyDbg and some of its characteristics
Gain an understanding of proper usage of breakpoints and their importance in debugging
Understand packed malware using OllyDbg to perform dynamic analysis against it
We will have an overview of kernel mode debugging, debuggers that use this, and some characteristics unique to kernel mode debugging.
Understand what is meant by kernel mode debugging
Identify debuggers that employ or use kernel mode debugging
Understand some key, unique characteristics of kernel mode debugging
In this video, we will cover how to perform a kernel mode debug using WINDBG. This will be done using a kernel dump, since the setup involves one machine as opposed to the two usually required.
Gain a basic overview of WINDBG and how to configure it
Learn how to take a live dump of the kernel for analysis
Perform analysis on a kernel dump
Gain a deeper understanding of the x86 architecture to add to your understanding of registers. This will include system calls, assembly sections, common functions, and examples.
See various operation modes and assembly sections
Be empowered to understand various system calls
Focus on some key instruction sets that are seen in modern malware
This video aims to show the relevance of a disassembler in static analysis and some scenarios where static analysis may be more efficient than dynamic analysis.
Understand how a disassembler works
Understand the actual benefits of a disassembler
Know why static analysis would be preferred over dynamic analysis
This video teaches how to choose the right context in which one would load a sample in IDA Pro. We cover navigating through the various sections once a sample is loaded.
Understand the various classifications of samples in IDA
Break down the IDA import wizard
Navigate and understand various sections and the relevance of information within them once a sample is loaded in IDA
In this video, we will cover how to use functions in IDA, what they are, and how to redefine them.
Understand IDA's key structure and where to find functions
Understand in more detail what functions are in IDA and how to use the functions view
Redefine functions especially if they are not well named within IDA for richer analysis
In this video, we will cover some concepts of IDA Pro and see how to use them to analyze a malware sample.
Understand the IDA concepts learned
Use new advanced concepts in analyzing a more complex malware sample
Section recap to incorporate all elements learned into one unified solution
This video seeks to explain various malware techniques and how strategies can be developed around them for detection purposes.
See various strategies used by malware to stay undetected
Understand malware detection through the various components of a malware sample
Focus on the key tools and techniques used to discover/detect malware
Learn how to detect a compromise in a network and the steps to clean up the network to reduce the possibility of recurrence or spread of the attack
Detect an infection that has occurred on hosts on the network
Know the key indicators of a compromise
Go through all the steps from identification to isolation and cleaning of a network
This video teaches you how intrusion detection systems (IDSes) work and the various strategies that most of them use to detect anomalies.
Understand how IDSes are structured
Understand how IDSes work with regard to the strategies they use to detect anomalies
Learn about examples of common IDSes available in the market to aid in this functionality
In this video, you will learn how to detect packed malware using various strategies.
Gain an understanding of which strategies can be used to detect packed malware
Understand the need to know some key tools that can be used to identify packed malware
Identify packed malware practically