Reverse Engineering & Malware Analysis - Intermediate Level
What you'll learn
- Types of Malware and Terminologies
- Static Analysis
- Dynamic Analysis
- Assembly Language Refresher and Malicious APIs
- API Hooking, Process Hijacking, Dumping Memory
- Identifying Standard and Custom Packers
- Unpacking Packed Malware
- Enumerating Breakpoints and Memory Tracing
- Hooking VirtualProtect, VirtualAlloc, GetProcAddress, CreateProcessInternalW and other common API's
- Using Scylla Plugin to Dump Memory, Fixing IAT Tables
- Using Delphi Interactive Reconstructor
- Dumping Memory from Memory Viewer, Process Hacker and Memory Maps
- API Enumeration Count Trick To Know When to Dump
- Self-Injection and Remote Thread Injection
- Fixing Section Alignments, Unmapping and Re-Basing Dumped Files
- and more...
- Windows PC with Virtual Machine and Flare-VM Installed
- Some basics in malware analysis or software reverse engineering.
If you already have some basic reverse engineering and malware analysis knowledge and wish to go further, then this course is for you. I will take you from basic to intermediate level in reverse engineering and analyzing malware. You will learn using plenty of practical walk-throughs. The focus of this course will be on how to unpack malware. Most modern malware are packed in order to defeat analysis. Hence, this Intermediate Level Course provides the required knowledge and skills to unpack malware. All the needed tools will be introduced and explained. By the end of this course, you will have the intermediate level skill in malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, still the knowledge and skills gained in reverse engineering and analysis would be beneficial to you to reverse software as well.
Everything is highly practical. No boring theory or lectures. More like walk-throughs which you can replicate and follow along. We will focus on API Hooking and Memory Analysis and Tracing to determine where and when to dump memory after a malware has unpacked its payload into memory. In this course, we will be using Oracle Virtual Machine installed with Flare-VM. Take note that all software used in this course are free.
Types of Malware and Terminologies
Dynamic and Static Analysis
Assembly Language Refresher and Malicious APIs
API Hooking, Process Hijacking, Dumping Memory
Fixing Section Alignments, Un-mapping and Re-Basing Dumped Files
Enumerating Breakpoints and Memory Tracing
Hooking VirtualProtect, VirtualAlloc, GetProcAddress, CreateProcessInternalW and other common API's
Using Scylla Plugin to Dump Memory
Using Delphi Interactive Reconstructor
Dumping Memory from Memory Viewer, Process Hacker and Memory Maps
API Enumeration Count Trick To Know When to Dump
Self-Injection and Remote Thread Injection
This course is suitable for:
Students who has already done a basic level malware analysis course
Hackers looking for additional tools and techniques to reverse software
Reverse Engineers who want to venture into malware analysis
Some basics in malware analysis or software reverse engineering.
Windows PC with Virtual Machine and Flare-VM Installed.
If you do not have the basics of malware analysis, it is recommended to take my earlier course first, which is entitled:
Reverse Engineering & Malware Analysis Fundamentals
Go ahead and enroll now. I will see you inside!
Who this course is for:
- Students who has already done a basic level malware analysis or reverse engineering course
- Hackers looking for additional tools and techniques to reverse software
- Reverse Engineers who want to venture into malware analysis
I am a semi-retired college lecturer with more than 20 years experience in teaching computing and information technology. My interests range from reversing, coding to graphics design, apps, games development, music, health, spirituality and well-being. In my spare time, I also play the piano and keyboard. I enjoy teaching face-to-face and online and also love educating and inspiring others to succeed and live the life of their dreams.