Reverse Engineering Ransomware
2.8 (60 ratings)
5,133 students enrolled

Static and dynamic analysis. Reverse engineering. Writing Decryptors
Last updated 9/2019
English
This course includes
  • 1 hour on-demand video
  • 6 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • The lectures, videos and other resources will provide relevant information about current malware analysis tricks
  • How to use disassemblers and other security tools
  • How to identify flaws in ransomware code or encryption logic
  • Practice on progressively more difficult samples, each illustrating different concepts
  • Practice acquired knowledge via quizzes for each section
  • How to write simple decryptors in a high-level language (source code provided)
Requirements
  • Basic programming knowledge
  • A computer that can run a Windows virtual machine.
  • An interest in disassembling things and understanding how they work!
  • Patience and perseverance to “try harder”.
Description

The aim of this course is to provide a practical approach to analyzing ransomware. Working with real world samples of increasing difficulty, we will:

  • Deep dive into identifying the encryption techniques,
  • Navigate through various evasion tricks used by malware writers,
  • Have fun discovering flaws in their logic or the implementation and
  • Work out automated ways to recover the affected files.

If you're already familiar with the basics and want to dive straight into advanced samples, navigate anti-virtualisation and anti-analysis tricks, and write C and Python decryptors for custom crypto algorithms, please check out our advanced Reverse Engineering Ransomware course!

Who this course is for:
  • Security testers
  • Malware analysts
  • Forensics investigators
  • System administrators
  • Information security students
  • Anyone interested in ransomware and malware analysis
Course content
9 lectures 54:52
+ Course Introduction
1 lecture 06:09

This lecture introduces the course. You will better understand why to take this course, what this course is NOT, and the minimum prerequisites needed to be successful.

Preview 06:09
+ Under the hood of a simple cryptor
5 lectures 24:52

In this lecture we discuss the ransomware analysis methodology and steps. After finishing this you will be able to practice these on your own virtual machine and test your skills at recovering encrypted files.

The sample we're going to work on is attached in a password protected archive. The password is "infected".

The IDA Pro saved database is also included.

Preview 14:12

In this video we will reverse engineer the encryption routine and locate the key needed to recover the files.

Practice Green 1 - Find the encryption key - the hard way
06:09

In this lecture we're going to use a trick derived from boolean logic and a flaw in ransomware code to force it to show us the key without any disassembling.

Practice Green 2 - Find the encryption key - the easy way
02:25

In this lecture we'll write a Python decryptor for the first ransomware based on the reversed encryption logic and the discovered key.

Practice Green 3 - Write a decryptor
00:36

In this lecture we'll learn how to break the encryption algorithm without knowing the key or even its length, using logic and statistical methods.

Practice Green 4 - Cryptanalysis - Break the key
01:30

Quiz Green Dragon Ransomware

Quiz Green Dragon
5 questions
+ More disassembling and writing decryptors
3 lectures 23:51

The second ransomware is similar; however, we'll learn a few new tricks and practice the skills from the first section.

The sample we're going to work on is attached in a password protected archive. The password is "infected".

Blue Dragon Ransomware
12:38

In this section we'll write a Python script to decrypt the files.

Practice Blue 2 Decryption
04:41

In this lecture we'll analyse the sample, locate the encryption routine, reverse engineer it and find the decryption key.

Practice Blue 1 Analysis
06:32
Quiz Blue Dragon
5 questions