
This lecture introduces the course. You will better understand why to take this course, what this course is NOT, and the minimum prerequisites needed to be successful.
In this lecture we discuss the ransomware analysis methodology and steps. After finishing this lecture, you will be able to practice these on your own virtual machine and test your skills at recovering encrypted files.
The sample we're going to work on is attached in a password-protected archive. The password is "infected".
The IDA Pro saved database is also included.
In this video we will reverse engineer the encryption routine and locate the key needed to recover the files.
In this lecture we're going to use a trick derived from boolean logic and a flaw in ransomware code to force it to show us the key without any disassembling.
In this lecture we'll write a Python decryptor for the first ransomware based on the reversed encryption logic and the discovered key.
In this lecture we'll learn how to break the encryption algorithm without knowing the key or even its length, using logic and statistical methods.
The second ransomware is similar; however, we'll learn a few new tricks and practice the skills from the first section.
The sample we're going to work on is attached in a password-protected archive. The password is "infected".
In this lecture we'll analyse the sample, locate the encryption routine, reverse engineer it and find the decryption key.
In this section we'll write a Python script to decrypt the files.
The aim of this course is to provide a practical approach to analyzing ransomware. Working with real-world samples of increasing difficulty, we will:
Deep dive into identifying the encryption techniques,
Navigate through various evasion tricks used by malware writers,
Have fun discovering flaws in their logic or the implementation and
Work out automated ways to recover the affected files.
If you're already familiar with the basics and want to dive straight into advanced samples, navigate anti-virtualisation and anti-analysis tricks, and write C and Python decryptors for custom crypto algorithms, please check out our Advanced Reverse Engineering Ransomware course!