
Welcome to this course. I am very excited to introduce you to this topic area!
In this short video I will describe some of the most important drivers for analyzing malware.
We will discuss the different components of malware analysis and how each contributes to the final understanding of the malware's behavior.
We will be using virtual machine technology to build out our analysis laboratory. In this video I will explain the primary components of the lab.
I will demonstrate how to download, install then configure the lab components.
Before analyzing any malware, let us first discuss how our lab is isolated and protected from accidental infection.
We will install and configure our Linux host for this course.
I will show you how to get our Microsoft test image running on our machines in this video demonstration.
We will pull our lab together in this video and download all the final components required to start the analysis of a piece of malware.
I will share how to safely transport malware samples over the network.
An important part of malware analysis is preserving the original sample unmodified throughout the analysis. This will be very important should any part of your analysis need to be replicated.
Modern executable files are rich with internal data that is valuable to the malware analyst. You just have to know how to find and interpret the data.
Human readable strings of characters will often tell important details about the internal workings of an executable file.
We will recap the progress of our analysis after having completed these initial static analysis steps.
We can simulate an entire Internet of hosts by using ApateDNS to redirect DNS requests to a host we control.
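To make concrete what that redirection does on the wire, here is an added example (not ApateDNS and not course code) that builds a DNS A query, forges the response the way a lab DNS spoofer does, and parses it back. The lab address 10.0.0.5 and the query names are assumptions for the demonstration; nothing here touches the network unless you call `serve` yourself inside the isolated lab.

```python
"""Added example: forge DNS A answers that point every name at the lab host.
Not the ApateDNS source. Packets are built and parsed in memory."""
import socket
import struct

LAB_IP = "10.0.0.5"  # assumed address of the analyst-controlled listener
QTYPE_A = 1


def encode_name(name: str) -> bytes:
    """Dotted name -> DNS label sequence terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"


def decode_name(packet: bytes, offset: int):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack_from(">H", packet, offset)[0] & 0x3FFF
            labels.append(decode_name(packet, ptr)[0])
            offset += 2
            break
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), offset


def build_query(name: str, txid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """What the sample's resolver sends: header, one question, RD set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def spoof_response(query: bytes, answer_ip: str = LAB_IP, ttl: int = 60) -> bytes:
    """Answer any A query with answer_ip; other types get an empty reply."""
    txid = struct.unpack_from(">H", query, 0)[0]
    _name, end = decode_name(query, 12)
    qtype, _qclass = struct.unpack_from(">HH", query, end)
    question = query[12:end + 4]
    ancount = 1 if qtype == QTYPE_A else 0
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, ancount, 0, 0)  # QR,RD,RA
    if not ancount:
        return header + question
    # Name is a pointer (0xC00C) back to the question name at offset 12.
    rr = struct.pack(">HHHIH", 0xC00C, QTYPE_A, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return header + question + rr


def parse_answer(response: bytes):
    """Return (queried name, [(rtype, rdata), ...]) from a response."""
    _txid, _flags, _qd, ancount = struct.unpack_from(">HHHH", response, 0)
    name, off = decode_name(response, 12)
    off += 4  # skip qtype/qclass
    answers = []
    for _ in range(ancount):
        _, off = decode_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from(">HHIH", response, off)
        rdata = response[off + 10:off + 10 + rdlen]
        answers.append((rtype, socket.inet_ntoa(rdata) if rtype == QTYPE_A else rdata))
        off += 10 + rdlen
    return name, answers


def serve(bind: str = "0.0.0.0", port: int = 53, answer_ip: str = LAB_IP) -> None:
    """Run as the lab VM's DNS server (needs privileges for port 53)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        name, _ = decode_name(data, 12)
        print(f"{peer[0]} asked for {name} -> {answer_ip}")
        sock.sendto(spoof_response(data, answer_ip), peer)


if __name__ == "__main__":
    q = build_query("evil.example.com")
    print(parse_answer(spoof_response(q)))
```

Point the Windows victim VM's DNS setting at the host running this, and every name the sample resolves lands on your own listener, which is the whole idea of the simulated Internet.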
Process Explorer and Process Monitor are excellent tools with which to instrument a running system in order to capture the events happening within it.
Windows API calls are as close to the actual source code as we can get. With an API monitoring tool we can observe the API calls, their inputs and their outputs.
We can judge how effective our analysis efforts have been by comparing our findings with the human readable source code of the malware.
There are many types of malicious software that are enabled by the wider use of the Internet, portable media, mobile devices and embedded systems. This malicious software includes trojan horses, worms, viruses, botnets, spyware, ransomware and many more. In this course, students will be shown how to set up an analysis "laboratory" that offers all the isolation and protection needed for safe dissection of malware, while being capable enough to deliver fast and accurate results.
After discussing the primary goals of malware analysis and offering a number of “pro-tips”, the instructor lays out a design for an analysis lab. Every step of building the lab is demonstrated in such a way as to enable and encourage students new to the field to be successful. Once the lab is operational, the process for dissecting malware samples is delivered in an interactive and hands-on manner, geared toward having the student complete the analysis within their own lab concurrent with the lesson being taught.
Even though the course lessons are demonstrated in a Microsoft Windows environment, users familiar with Apple macOS or Linux will be able to follow along, as all the software in use is available for all three platforms at no cost.
Once the techniques and tools used for malware analysis have been taught, malware samples are provided to the student for additional practice.