Reverse Engineering Malware

Creator: Matt Briggs & Frank Poz

License: Creative Commons: Attribution, Share-Alike (http://creativecommons.org/licenses/by-sa/3.0/)

Class Prerequisites: Introduction to Intel x86 and Introduction to Reverse Engineering Software or equivalent knowledge.

Lab Requirements: - Virtual machine software (VMWare is recommended). -Windows system with IDA Pro (Free 5.0 is acceptable). -Microsoft Visual Studio 2008 redistributable package.

Class Textbook: “Practical Malware Analysis” by Michael Sikorski and Andrew Honig

Recommended Class Duration: 2 days

Creator Available to Teach In-Person Classes: Yes

Author Comments:

An email arrives in your inbox: "You have to check out this picture!" It came from your friends address, which you know and trust. It beckons you to open it. Maybe you weren't fooled this time, but it's likely at least one of the 50 other recipients couldn't resist.

As we store more of our confidential information on our computers, from bank account credentials, to company secrets, the reward to risk ratio increases as has the number malware (malicious software) threats. While anti-virus and intrusion detection systems have improved over the years, nothing can substitute a skilled malware analyst when a business needs to understand and mitigate a network intrusion.

This class picks up where the Introduction to Reverse Engineering Software course left off, exploring how static reverse engineering techniques can be used to understand what a piece of malware does and how it can be removed.

Topics include: - Understanding common malware features and behavior - Defeating code armoring and obfuscation - Signature creation and applying prior analysis - Dynamic analysis tools and how they can aid static analysis

During the course students will complete many hands on exercises.

Before taking this class you should take Introduction to Intel x86 and Introduction to Reverse Engineering Software or have equivalent knowledge.

Presented by