IZBR

Hi! My name is Isaac Basque-Rice, I'm A Security Engineer and former Abertay Ethical Hacker, and this website is a repository for all the cool stuff I've done, enjoy!

---

Project maintained by IBRice101 Hosted on GitHub Pages — Theme by mattgraham

Practical Malware Analysis & Triage

On 2022-08-15 I purchased the Practical Malware Analysis & Triage course by Matt Kiely (HuskyHacks) for £0.99, an absolute bargain. This repository serves as my notes for the course.

Overview

• Practical intro to malware analysis, RE, and triage
• Emphasis on WIndows, employs real world TTPs
• Techniques & methodology first, tools second
• 20+ malware samples
• Build malware lab, handle malware safely, proceed through analysis methodology
• Learn latest trends in malware:
  • Go
  • Nim
  • C#
  • Ransomware
  • Process injectors
  • C2 agents
  • Maldocs
  • VBS
• Report writing, signature writing, how to convey findings

Topics

• Introduction
• Safety Always! Setting Up A Lab & Malware Handling
• Four Phases of Analysis
  • Basic Static Analysis
  • Basic Dynamic Analysis
  • Challenge 1
  • Advanced Static ANalysis
  • Advanced Dynamic Analysis
  • Challenge 2
• Gone Phishing: Analysing Malicious Macros & Maldocs
• What The Shell? Shellcode Analysis
• Off-Script: Analysing Scripted Malware Delivery
• Stay Sharp: C# Assembly Malware Decompilation & Analysis
• Go Time: Analysing Go Malware
• Mobile! Analysing Mobile OS Malware
• THe Bossfights!: Analysing Real World Malware Specimens
• Automating The Process - Jupyter Notebooks & Sandboxes
• Rule Writing
• Report! Organising Your Notes for a Triage Report
• Course Final
• Conclusion/Further Readings

Programs I needed to install myself

FlareVM’s installation process is… not perfect, and so it became necessary for me to install certain tools manually after FlareVM got up and running, here is a full list for my own record keeping

• PE Studio
• Procmon
• The SysInternals Suite