A Start-to-Finish Guide to Malware Analysis!: 2-in-1
3.6 (6 ratings)
79 students enrolled

Learn different tools and techniques used to tackle malware threats
Created by Packt Publishing
Last updated 11/2018
English
English [Auto-generated]
This course includes
  • 6 hours on-demand video
  • 1 downloadable resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Perform advanced dynamic and static malware analysis.
  • Gain experience in working with OllyDbg, WINDBG, and IDA Pro.
  • Know how to detect and defend against malware.
  • Master how packers and unpackers work.
Requirements
  • Prior knowledge of malware analysis concepts will be useful (not mandatory).
Description

Are you worried about malware intruding into your system, and do you want to analyze it? Then this course is the one you're looking for! Threat analysis is an ongoing process that helps identify patterns of malicious software. With attackers regularly rebuilding their network infrastructure, it is easy to lose sight of the tools being used. Beginning with malicious program analysis, this course is centered on mapping vulnerabilities, exploits, network infrastructure, additional malware, and adversaries!

This comprehensive 2-in-1 course is an easy-to-follow guide with a step-by-step approach that will get you up and running with the key concepts of malware analysis, malware behavior, and evasion! You’ll learn the art of detecting, curing, and preventing future malware threats. Master advanced malware analysis topics and tools such as IDA Pro, OllyDbg, and WINDBG! Finally, you’ll learn to deal with evasive malware using various types of malware analysis tools and techniques!

By the end of the course, you’ll have explored the basic concepts of malware and become familiar with various malware analysis tools and techniques, such as IDA Pro, OllyDbg, and WINDBG, to tackle malware threats!

Contents and Overview

This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.

The first course, Fundamentals of Malware Analysis, covers the basic concepts of malware and gets you familiar with various types of malware analysis tools and techniques. In this video course, we start with the basic concepts of malware, and you’ll get familiar with the different types of malware and the malware analysis process. Before moving on to the techniques of malware analysis, you’ll see how to set up your own lab to provide a secure environment for malware analysis. Moving on, you’ll get familiar with the basic techniques of static and dynamic malware analysis and get your hands dirty with debuggers and disassemblers such as OllyDbg and IDA Pro. You’ll learn how to analyze malware and understand its anatomy using these tools and techniques. Finally, you’ll be exposed to the techniques that malware may use to evade detection and remain undetected. By the end of the course, you’ll have solid knowledge that will enable you to analyze the majority of malware programs.

The second course, Advanced Malware Analysis, covers understanding malware behavior and dealing with its evasion techniques using IDA Pro, OllyDbg, and WINDBG. In this video course, we cover advanced malware analysis topics. Towards this goal, we first understand the behavior of different classes of malware. Such knowledge helps us to easily categorize malware based on its characteristics. We see how sophisticated malware can use techniques to either evade detection or increase its damage and access to the system. Then we learn advanced techniques in static and dynamic malware analysis and cover the details and powerful features of OllyDbg, IDA Pro, and WINDBG. We also explore defense mechanisms against malware, create a signature for malware, and set up an intrusion detection system (IDS) to prevent attacks. Finally, we cover the concept of packers and unpackers and explore how to unpack packed malware to analyze it.

By the end of the course, you’ll have explored the concepts of malware and become familiar with various malware analysis tools and techniques, such as IDA Pro, OllyDbg, and WINDBG!

About the Author

  • Munir Njenga is a self-driven, multi-talented, technology enthusiast, cybersecurity consultant, and researcher. He mainly focuses on malware analysis, and web- and mobile-based application testing and methodologies. His skills and competencies stem from his active involvement in engagements that deliver advisory services such as network security reviews, security course development, training and capacity building, mobile and internet banking security reviews (BSS, MSC, HLR/AUC, IN, NGN, GGSN/SGSN), web applications, and network attack and penetration testing. Apart from his security hat, he is a poet, graphic designer, blogger, tool/application tester, social media marketer, web 2.0 developer and designer, naturalist, and traveler.

Who this course is for:
  • Security Professionals and Incident Responders who want to perform deep malware analysis as well as gain knowledge about how to detect malware and defend against it!
Course content: 63 lectures, 06:13:55
Fundamentals of Malware Analysis: 28 lectures, 02:10:45

This video will give you an overview of the course.

Preview 04:45

In this video, we are going to take a look at an introduction as to what exactly malware is and why we need to learn malware analysis as a practice.

  • Understand what malware is and what components are required for any software to be considered malicious

  • Understand malware analysis practice

  • Gain insight on how malware analysis can benefit us and enrich our security practice

What Is Malware and the Need for Malware Analysis
05:20

This video aims to give insight into what types of malware exist in the modern world and how they differ. This gives a better understanding, from a security perspective, of the role they play in the cyber security ecosystem.

  • Understand the most commonly used types of malware that are available in the world

  • Gain insight on the metrics used to classify the various discussed malware types

  • Understand the current shift or trend in the malware space, which will allow you to know what to protect against most and what the biggest threats are

Types of Malware
03:46

This video aims to show the standard way of performing malware analysis, so as to gain a full understanding of breaking down malware.

  • Learn how to prepare for malware analysis

  • Explain the stages in the lifecycle of malware analysis that are followed, and how they relate to each other

  • See the types of malware analysis that would be performed.

Malware Analysis Methodology
04:01

One of the key things in malware analysis is not only using an already built lab but learning to set one up in a way that allows customization and security based on one’s resources. This video takes us through the process of coming up with an easy and secure analysis lab.

  • Learn how to set up a basic virtual machine to host the lab and its constituents, that is, the guest operating systems

  • Once the lab is set up, equip it with the right tools of the trade to perform malware analysis

  • See how to tweak the virtual machine a bit in order to begin securing it. This makes you not only a user of a lab but a professional who can implement a lab based on different needs

How to Set Up Your Lab?
05:54

Gain insight on how any malware analysis lab needs to take advantage of using snapshots, which are basically states of virtual machines as of a given point in time.

  • Understand what snapshots are in order to appreciate the role they play in malware analysis

  • See how snapshots become paramount, to gain insight into why we need them and in what scenarios we can use them

  • Learn to use the snapshots correctly so that one can also configure their snapshots appropriately.

Why a Snapshot Is Useful?
03:59

In this video, we will understand that it is important to know some of the agreed and non-agreed conventions in malware analysis in order to stay safe.

  • Explain how malware analysis is risky, why care has to be taken in performing analysis, and some safeguards to be considered

  • Prepare a checklist of things to do and not do when analyzing malware so that you are adequately prepared for it

Some Warnings
02:52

In this video, we are going to take a look at an introduction as to what exactly dynamic analysis is and why we need to learn how to study malware behaviour.

  • Understand what dynamic analysis is all about

  • Understand why we need to learn to perform dynamic analysis/behavioral analysis in the study of malware

  • Gain an overview on how to perform dynamic analysis

Preview 03:04

This video aims to give insight into how to monitor system processes, which is one aspect of dynamic analysis, and to understand the execution of malware and its effect on system processes throughout its lifecycle.

  • Understand how to monitor system processes in order to detect changes to them that would have a negative effect

  • Learn why we monitor these processes to detect anomalies

  • Gain insight into the things to look out for when monitoring processes, which will equip you with the necessary knowledge to keep track of process anomalies

Monitoring System Processes
05:56

This video aims to show the standard way of performing network traffic analysis so as to gain insight as to possibilities of information exfiltration or communication with a command and control centre.

  • Learn why network traffic analysis is needed and when it becomes applicable in malware analysis

  • Learn how to perform traffic analysis to differentiate good traffic from bad traffic and the tools that can be used for this

  • Learn about the things to look out for during traffic analysis; this will equip you with the ability to quickly detect anomalies in information being sent to and from the network

Analyzing Network Traffic
05:25

One of the key things in proactive malware handling is detecting local changes to systems; this video gives insight as to some of the strategies for this.

  • Understand why there is a need to keep track of local changes in order to ensure all assets in the ecosystem conform

  • Understand how to detect local changes and the strategies that can be employed

  • Understand how to leverage various tools and capabilities that can help with detecting local changes to systems

Detecting Local Changes
03:30

This video aims to introduce the user to debuggers and why they are a key asset in dynamic malware analysis.

  • Understand what debuggers are in order to appreciate the role they play in malware analysis

  • Gain insight as to what role debuggers play and when we can use them

  • Understand various terms associated with debuggers in order to appreciate their features, which will prepare you for the use of debuggers in later videos

What Is a Debugger?
02:50

This video aims to single out one of the debuggers that is commonly used and is easy to use in the dynamic malware analysis space.

  • Learn a bit about OllyDbg and get an overview of what it is and what it does

  • Gain a bit of understanding as to why OllyDbg is highly preferred

  • Understand some of its key features that differentiate it from other debuggers, or rather make it friendlier, enabling the user to appreciate its usefulness

Basic Features of OllyDbg
01:49

This video aims to utilize the knowledge gained in the two previous videos on debuggers to perform a basic analysis using OllyDbg.

  • Learn how to use OllyDbg for malware analysis and the key features and how they interconnect during actual analysis

  • Learn how to relate the concepts learned in order to use the debugger more effectively and the things to look out for

  • Perform a basic analysis on the malware samples provided using OllyDbg

Malware Analysis Using OllyDbg
11:33

In this video, we are going to take a look at an introduction to what exactly static analysis is and why we need to learn how to study malware artefacts.

  • Understand what static analysis is and its importance

  • Understand why we would choose and use static analysis as a mode of malware analysis

  • Gain an overview of how to perform static analysis

Why Static Analysis?
02:30

This video aims to introduce the user to the x86 instruction set so that they can understand, from a low-level language perspective, how the machine interprets instructions, including those of malware.

  • Learn about an overview of the x86 architecture and the ABCD of registers

  • Understand the structure of registers and what function each performs which also includes an understanding of the memory space for each register

  • Get a simple but practical example of how to interpret assembly from an x86 perspective when source is not available, which will enable you to understand common interactions within memory and how it is allocated

x86 Instruction Set
08:29

This video aims to introduce the user to various file formats so that they can understand various forms in which malware is distributed.

  • Learn about the various forms in which malware is distributed

  • Understand from examples how to identify the distribution file format using signatures, making it easier to identify them

  • Gain insight into how to identify malware regardless of the file format it's distributed in

Introduction to File Formats
05:14

This video shows the user some introductory techniques in extracting information and interpreting it in a useful manner for malware analysis.

  • Get an overview of malware binaries to understand how this is applicable

  • Understand what information is sought in malware binaries that may aid with further analysis

  • Perform a basic static analysis to extract relevant information from sample malware, enabling you to know in practice which artefacts may be helpful

Extracting Useful Information from Malware Binary
08:28

This video aims to give you the insight needed to understand imported functionality in malware binaries.

  • Learn about what imports and linked files are and reasons why they exist and are used

  • Learn about various tools that can be used to identify imports and linked files

  • Understand by example how imports are found and how to interpret them

Finding Imports and Linked Files
02:23

This video brings about a key concept on the use of disassemblers as a tool of trade in static analysis.

  • Learn about what disassemblers are and the role they play in malware analysis

  • Understand when usage of a disassembler is important and useful

  • Learn about some common disassemblers in use in day-to-day operations, in case you want to try them out

How a Disassembler Can Help Us?
01:37

This video singles out one of the disassemblers (IDA Pro) and its features and some nice things to use within it.

  • Learn about IDA Pro as a disassembler and what it has to offer

  • Understand when usage of IDA Pro is important and useful

  • Learn about some of the key features of IDA Pro to be used in a later video when practically utilizing them

Basic Features of IDA Pro
01:45

This video aims to show some of the IDA Pro features learnt about and how applicable they are in dissecting malware in practice.

  • Learn about how to import samples into IDA Pro

  • Understand how information from the previous static analysis is key to making use of it before importing executables into IDA Pro

  • Perform an analysis on the imported malware sample using IDA Pro and gain insight into the replicator and the bomb based on previous concepts

Malware Analysis Using IDA Pro
08:49

In this video, we will enhance our knowledge of debugging and how malware prevents itself from being debugged or executed while being monitored.

  • Learn about some more debugging terms that are related to the subject of evasion

  • Understand how debuggers work in a bit more detail and strategies that are possible due to this workflow

  • Learn what strategies are used to evade debuggers and why they work, including a working example

Anti-Debugging
08:15

This video aims to give the user an understanding of how malware avoids disassembly when an analyst is trying to get under its hood.

  • Learn about what anti-disassembly is

  • Understand the importance of anti-disassembly to a malware developer and its effect on a malware analyst

  • Learn and understand how malware identifies disassemblers and how it attempts to frustrate the efforts of disassembly to remain hidden for a longer time

Anti-Disassembly
03:11

This video aims to introduce the user to ways in which malware evades sandboxes and also how it will identify sandbox environments.

  • Understand what virtual machines are from a malware analysis perspective

  • Understand how virtual machines are structured and how they work/differ from physical machines

  • Gain an understanding of how malware can identify an environment to determine existence within a virtual machine

Anti-Virtual Machines
03:39

This video aims to explain what data encoding is. This is key to understanding when data is misrepresented during malware analysis.

  • Understand what data encoding is

  • Understand the purpose of data encoding in malware analysis/development and how it increases complexity

  • Learn about the various strategies that may be employed to hide information/data within malware

Data Encoding
02:49

This video aims to teach the user about how malware can re-create itself to have several generations of the same malware with differences.

  • Understand what polymorphism and metamorphism are and the purpose they serve

  • Understand how polymorphism works and how it’s used

  • Learn from examples about how polymorphism would work in real life

Polymorphism
03:24

The last video of this section aims to put everything learnt together and give an understanding of a few other strategies, not covered earlier, that malware uses to remain stealthy.

  • Learn about various strategies not discussed before that would still be used to evade detection

  • Learn through examples how the anti-detection strategies work and view detection rates

  • Perform a section recap to glue together everything learnt in this unit of malware evasion techniques

More Evasion Techniques
05:28
Advanced Malware Analysis: 35 lectures, 04:03:10

This video gives an overview of the entire course.

Preview 04:19

We are going to learn what exactly backdoors are and how they operate through examples.

  • Understand what malware is, what backdoors are, and what types of backdoors are available

  • Understand what each type of backdoor targets in a system

  • Gain insights through some examples of backdoors and their true intent in the systems they targeted.

Backdoors
10:57

Learn what keyloggers are and how they contribute to information theft. Additionally, you gain insight into how they operate.

  • Understand what keyloggers and information stealers are by intent

  • Understand the various methods they use to get information out of a system to an attacker

  • Get a workflow of keylogger and information stealer delivery all the way to exfiltration. This gives insights that can be used for various analyses.

Keyloggers and Information Stealers
06:36

This video gives an understanding of the various stages of a malware attack and how downloaders contribute to the cycle. It also discusses the modes of distribution to give insights for prevention.

  • Understand the five stages of a malware attack

  • Understand the role of downloaders in the stages of a malware attack

  • Gain insights into how downloaders are spread, in order to prevent them from landing on a network.

Downloaders
05:55

Ransomware has been one of the biggest threats in the current malware space. This video aims to give an understanding of what ransomware is and what distinguishes it from other malware.

  • Understand what ransomware is and how it differs from other forms of malware

  • Gain an understanding of the working of ransomware and various examples of it

  • Understand how to prevent infection through ransomware. These practices not only help in day-to-day use but are also applicable to analysts and for preventing self-infection.

Ransomware
09:05

Rootkits are very sophisticated forms of malware and this video explores what they are, their effects, and various types of rootkits in the wild.

  • Gain an understanding of what rootkits are and various components that make up a rootkit

  • Understand the various layers a rootkit affects and what that means in terms of impact

  • Learn the various types of rootkits and what it means when they successfully infect a host. This is useful for analysis strategies

Rootkits
09:04

See what exactly privilege escalation is and its various manifestations as well as types.

  • Learn what privilege escalation is and the main causes of privilege escalation

  • Understand the various types of privilege escalations that occur on systems

  • Gain insights through some examples of privilege escalation and the role they play on the systems they target

Privilege Escalation
07:32

This video aims to impart knowledge as to what persistence is and various strategies used by malware to create persistence on a network.

  • Learn about persistence

  • Understand the purpose of persistence in malware

  • Understand the strategies that are used to achieve persistence

Persistence Methods
04:35

This video gives an understanding of what data encoding is, the methods used to achieve it, and its purpose in malware analysis.

  • Understand what data encoding is

  • Find various methods used to perform data encoding by malware

  • Understand why malware developers use data encoding

Data Encoding
08:35

In this video, we will cover what covert launching actually is and the various methods by which malware is launched covertly.

  • Understand what covert launching techniques are

  • Gain an understanding of the purpose of covert launching techniques in the malware development/analysis space

  • Walk through the various elements covered in the section to see how they relate to each other

Covert Launching Techniques
07:07

Take a look at what debuggers are and the various modes in which debuggers work.

  • Show what a debugger is and its purpose in dynamic malware analysis

  • Understand the various types of debugging modes

  • Highlight the difference between debugging modes

Using a Debugger
03:12

This video aims to impart knowledge of the Windows environment and its structure. The main focus is on three layers: application, user, and kernel mode.

  • Understand the basic structure of the Windows components

  • Understand the purpose of each layer in relation to underlying hardware

  • Learn about what is contained in the various layers and the purpose of each component

An Overview of the Windows Environment
07:20

This video gives an understanding of what user mode debugging is, its characteristics and usage, as well as some examples of user mode debuggers.

  • Understand what is meant by user mode debugging

  • Identify debuggers that use user mode debugging

  • Understand some key, unique characteristics of user mode debugging

User Mode Debugging
05:43

In this video, we will cover how to use OllyDbg in a slightly more advanced way for user mode debugging.

  • Walk through OllyDbg and some of its characteristics

  • Gain an understanding of proper usage of breakpoints and their importance in debugging

  • Understand packed malware by using OllyDbg to perform dynamic analysis on it

Malware Analysis Using OllyDbg
15:42

In this video, we will cover some key advanced features in OllyDbg.

  • Learn about OllyDbg and some of its features

  • Understand the use of OllyDbg’s features

  • Understand the purpose of some key elements of OllyDbg

Features of OllyDbg
11:12

We will have an overview of kernel mode debugging, debuggers that use this, and some characteristics unique to kernel mode debugging.

  • Understand what is meant by kernel mode debugging

  • Identify debuggers that use kernel mode debugging

  • Understand some key, unique characteristics of kernel mode debugging

Kernel Mode Debugging
03:24

In this video, we will cover how to perform a kernel mode debug using WINDBG. This will be done using a kernel dump, since the specimen involves one machine as opposed to the two that are usually required.

  • Gain a basic overview of WINDBG and how to configure it

  • Learn how to take a live dump of the kernel for analysis

  • Perform analysis on a kernel dump

Malware Analysis Using WINDBG
08:20

In this video, we will cover some key advanced features of WINDBG.

  • Learn about WINDBG and some of its features

  • Understand the use of WINDBG’s features

  • Understand the purpose of some key elements of WINDBG

Features of WINDBG
05:52

Gain a deeper understanding of the x86 architecture to add to your understanding of registers. This will include system calls, assembly sections, common functions, and examples.

  • See various operation modes and assembly sections

  • See how you will then be able to understand various system calls

  • Focus on some key instruction sets that are seen in modern malware

Advanced Notes on the x86 Architecture
08:33

This video aims to show the relevance of a disassembler in static analysis and some scenarios where static analysis may be more efficient than dynamic analysis.

  • Understand how a disassembler works

  • Understand the actual benefits of a disassembler

  • Know why static analysis would be preferred over dynamic analysis

How a Disassembler Can Help Us
04:30

This video teaches how to choose the right context in which one would load a sample in IDA Pro. We cover navigating through the various sections once a sample is loaded.

  • Understand the various classifications of samples in IDA

  • Break down the IDA import wizard

  • Navigate and understand various sections and the relevance of information within them once a sample is loaded in IDA

Loading and Navigating Using IDA Pro
09:39

In this video, we will cover how to use functions in IDA, what they are, and how to redefine them.

  • Understand IDA's key structure and where to find functions

  • Understand in a bit more detail what functions are in IDA and how to use the functions view

  • Redefine functions especially if they are not well named within IDA for richer analysis

Functions in IDA
07:48

We will cover some key elements in the IDA Pro graphical user interface, what they are for, and when to use them.

  • Overview of the IDA GUI

  • See the features of IDA in the GUI that are highly relevant

  • Understand when to use these features in a contextual manner.

IDA Pro Graphic Features
07:27

In this video, we will cover some concepts of IDA Pro and see how to use them to analyze a malware sample.

  • Understand the IDA concepts learned

  • Use new advanced concepts in analyzing a more complex malware sample

  • Section recap to incorporate all elements learned into one unified solution

Analysing Malware Using IDA Pro
08:40

This video seeks to explain various malware techniques and how strategies can be developed around them for detection purposes.

  • See various strategies used by malware to stay undetected

  • Understand malware detection through the various components of a malware sample

  • Focus on the key tools and techniques used to discover/detect malware

Malware Detection Techniques
04:57

Learn how to detect a compromise in a network and the steps to clean up the network to reduce the possibility of recurrence or spread of the attack.

  • Detect an infection that has occurred on hosts on the network

  • Know the key indicators of a compromise

  • Go through all the steps from identification to isolation and cleaning of a network

Steps to Clean a Compromised Network
05:06

This video teaches you how intrusion detection systems (IDSes) work and the various strategies that most of them use to detect anomalies.

  • Understand how IDSes are structured

  • Understand how IDSes work in regard to the strategies they use to detect anomalies

  • Learn about examples of common IDSes available on the market that provide this functionality

How Intrusion Detection Systems Work
02:21

We drill down into a key open-source IDS known as Snort and break down what it is, its features, and its applications.

  • Begin with a basic understanding of what Snort is.

  • Understand in more detail how Snort works.

  • Identify Snort’s key features

An Introduction to Snort
02:09

We will cover how to download, install, configure, and set up Snort.

  • Explore the elements needed to install Snort

  • Install Snort

  • Configure Snort and confirm that it’s working

How to Setup Snort?
12:23

Learn how to create custom signatures to detect specific elements on the network based on a business case.

  • Understand what Snort signatures are

  • Understand Snort signatures in order to logically create signatures

  • Create a signature and confirm that it detects successfully.

How to Create a Signature?
07:13

Learn about hybrid analysis and its benefits within the malware analysis space.

  • Understand what hybrid analysis is

  • Know the benefits of hybrid analysis

  • Understand how and when to use hybrid analysis

Why Hybrid Analysis?
04:22

See what packers are, a few examples of them, and how packers work.

  • Understand what packers are

  • Learn a few examples of packers

  • Understand how packers work and the structure of a packed program.

How Do Packers Work?
02:37

In this video, you will learn how to detect packed malware using various strategies.

  • Gain an understanding of which strategies can be used to detect packed malware

  • Know some key tools that can be used to identify packed malware

  • Identify packed malware practically

How to Detect Packed Malware?
05:10

This video teaches you how to unpack a malware program in an automated and manual way.

  • Understand various unpacking methods

  • Understand the manual unpacking process of a malware program

  • Unpack a malware program manually using the process learned

How to Unpack a Malware Program?
03:15

In this video, we will cover practical examples of unpacking a malware program.

  • Walk through the malware unpacking strategies learned

  • Understand in a bit more detail how to put the unpacking into practice

  • Learn to successfully unpack the malware sample

Examples of Unpacking a Malware Program
12:30
Test Your Knowledge
5 questions