Reverse Engineering Ransomware
- 1 hour on-demand video
- 6 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
- The lectures, videos and other resources will provide relevant information about current malware analysis tricks
- How to use disassemblers and other security tools
- How to identify flaws in ransomware code or encryption logic
- Practice on progressively difficult samples which illustrate different concepts each
- Practice acquired knowledge via quizzes for each section
- How to write simple decryptors in a high-level language (source code provided)
- Basic programming knowledge
- A computer that can run a Windows virtual machine.
- An interest in disassembling things and understanding how they work!
- Patience and perseverance to “try harder”.
The aim of this course is to provide a practical approach to analyzing ransomware. Working with real world samples of increasing difficulty, we will:
- Deep dive into identifying the encryption techniques,
- Navigate through various evasion tricks used by malware writers,
- Have fun discovering flaws in their logic or the implementation and
- Work out automated ways to recover the affected files.
If you're already familiar with the basics and want to dive straight into advanced samples, navigate anti-virtualisation and anti-analysis tricks, and write C and Python decryptors for custom crypto algorithms, please check out our advanced Reverse Engineering Ransomware course!
- Security testers
- Malware analysts
- Forensics investigators
- System administrators
- Information security students
- Anyone interested in ransomware and malware analysis
In this lecture we discuss the ransomware analysis methodology and steps. After finishing this you will be able to practice these on your own virtual machine and test your skills at recovering encrypted files.
The sample we're going to work on is attached in a password protected archive. The password is "infected".
The IDA Pro saved database is also included.