Malware Analysis: Identifying and Defeating Code Obfuscation

Malware authors routinely utilize obfuscation techniques to complicate the analysis of their code. This course will teach you techniques for identifying and defeating code obfuscation so that key characteristics and behaviors can be identified.
Course info
Level
Intermediate
Updated
Jul 12, 2019
Duration
2h 23m
Description

Malware authors routinely use obfuscation to complicate analysis of their code. These techniques can hide important indicators of compromise and limit your ability to determine what the malware does. In this course, Malware Analysis: Identifying and Defeating Code Obfuscation, you will gain the skills to identify prevalent obfuscation techniques and to defeat them. First, you will see how obfuscation affects your analysis and learn effective strategies for defeating a variety of obfuscation methods. Next, you will explore how to identify and detect obfuscation in interpreted code, including software routinely abused by malware authors such as PowerShell and Visual Basic for Applications. You will then expand your skills to obfuscation in native code, such as encoded strings and function-level obfuscation. Finally, you will discover how malware authors use cryptography for obfuscation and how to detect it. Each module includes detailed demonstrations and hands-on labs in which you analyze real-world malware, working with tools such as IDA Pro and WinDbg. By the end of this course, you will have the knowledge and skills to effectively tackle obfuscation.
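The description above names two of the native-code problems the course covers: strings hidden behind a simple encoding, and cryptographic routines that must be located before their use can be traced. The following script is an added illustration of the identify-and-defeat workflow for both; it is not course material and not code from the author. It scans a byte blob for well-known public constants (the AES S-box and the SHA-256 initial state, the same signatures FindCrypt-style IDA plugins look for), then brute-forces every single-byte XOR key and keeps only decoded runs of printable ASCII that end in a NUL byte, which is what filters out the junk a wrong key produces. The sample "code section", the key 0x5A and the three embedded strings are constructed for the example.

```python
"""Identify-and-defeat helpers for two obfuscation classes named on this page:
single-byte XOR string encoding in native code, and the presence of standard
cryptographic routines betrayed by their well-known constants."""
from __future__ import annotations

import struct
from typing import Dict, List, Optional, Tuple

# Public constants (FIPS 197 S-box, FIPS 180-4 SHA-256 IV) that a FindCrypt-style
# scan keys on. Only the first bytes of each table are needed for a match.
AES_SBOX_PREFIX = bytes([0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5])
SHA256_H0 = struct.pack("<4I", 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A)
CRYPTO_SIGNATURES: Dict[str, bytes] = {
    "AES S-box": AES_SBOX_PREFIX,
    "SHA-256 initial state": SHA256_H0,
}


def find_crypto_constants(blob: bytes) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every known constant found in blob."""
    hits: List[Tuple[str, int]] = []
    for name, sig in CRYPTO_SIGNATURES.items():
        start = 0
        while (idx := blob.find(sig, start)) != -1:
            hits.append((name, idx))
            start = idx + 1
    return hits


def _xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def _nul_terminated_ascii_runs(data: bytes, min_len: int) -> List[Tuple[int, str]]:
    """Printable ASCII runs of at least min_len bytes that end in a NUL byte.
    Requiring the terminator is what keeps wrong keys from producing junk hits:
    a wrong key rarely turns the byte after a plausible-looking run into 0x00."""
    runs: List[Tuple[int, str]] = []
    start: Optional[int] = None
    for i, b in enumerate(data + b"\x00"):  # sentinel so a run at the end can terminate
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
            continue
        if b == 0 and start is not None and i - start >= min_len:
            runs.append((start, data[start:i].decode("ascii")))
        start = None
    return runs


def recover_xor_strings(blob: bytes, min_len: int = 6) -> Dict[int, List[Tuple[int, str]]]:
    """Brute-force all 256 single-byte keys; keep every key that yields a run."""
    found: Dict[int, List[Tuple[int, str]]] = {}
    for key in range(256):
        runs = _nul_terminated_ascii_runs(_xor(blob, key), min_len)
        if runs:
            found[key] = runs
    return found


def rank_keys(found: Dict[int, List[Tuple[int, str]]]) -> List[Tuple[int, int]]:
    """Order candidate keys by total recovered characters, most first."""
    totals = ((key, sum(len(text) for _, text in runs)) for key, runs in found.items())
    return sorted(totals, key=lambda kt: (-kt[1], kt[0]))


# Constructed sample "code section" (not a real sample): a few x86 bytes, an inlined
# AES S-box, the SHA-256 IV, then three NUL-terminated strings XOR-encoded with the
# hypothetical key 0x5A, followed by a function epilogue.
SAMPLE_KEY = 0x5A
SAMPLE_STRINGS = [b"CreateRemoteThread", b"http://example.invalid/gate.php", b"VirtualAllocEx"]
SAMPLE_BLOB = (
    b"\x55\x8b\xec\x83\xec\x10"  # push ebp; mov ebp,esp; sub esp,10h
    + AES_SBOX_PREFIX
    + b"\x8d\x45\xf0\x50"  # lea eax,[ebp-10h]; push eax
    + SHA256_H0
    + b"\x31\xc0\xc3"  # xor eax,eax; ret
    + b"".join(_xor(s + b"\x00", SAMPLE_KEY) for s in SAMPLE_STRINGS)
    + b"\x8b\x45\xfc\xc9\xc3"  # mov eax,[ebp-4]; leave; ret
)

if __name__ == "__main__":
    for name, off in find_crypto_constants(SAMPLE_BLOB):
        print(f"crypto constant {name!r} at offset {off:#x}")
    candidates = recover_xor_strings(SAMPLE_BLOB)
    best_key, total = rank_keys(candidates)[0]
    print(f"best single-byte XOR key {best_key:#04x} ({total} chars recovered)")
    for off, text in candidates[best_key]:
        print(f"  {off:#06x}: {text}")
```

Two caveats a practitioner should keep in mind. The constant scan only finds implementations that carry their tables as data; code that derives the S-box or round constants at runtime, or a stream cipher such as RC4 that has no fixed table, has to be located from its structure instead (tight loops over 256-byte state, modular additions, rotates). The XOR recovery assumes one key byte for the whole string; a rolling or multi-byte key, or a per-string key stored next to the data, needs the decode routine itself to be found in the disassembler and re-implemented.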

About the author

Dr. Josh Stroschein is an Assistant Professor at Dakota State University, where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an endpoint security company, and is the Director of Training for the Open Information Security Foundation (OISF).

More from the author
Getting Started with Reverse Engineering
Beginner
3h 40m
Aug 29, 2018
Section Introduction Transcripts

Course Overview
(Music) Hi everyone. My name is Dr. Josh Stroschein, and welcome to my course, Malware Analysis: Identifying and Defeating Code Obfuscation. I am an Assistant Professor at Dakota State University where I teach malware analysis, reverse engineering, and software exploitation. I also work as a Senior Malware Analyst for Bromium and am the Director of Training and Academic Outreach for The Open Information Security Foundation. In this course, we are going to get hands-on with malware obfuscation. Malware authors will routinely utilize obfuscation techniques to complicate the analysis of their code. These techniques can prevent discovery of important indicators of compromise and prevent you from determining malware functionality. Identifying and defeating code obfuscation is often the first step when analyzing any malicious file. Some of the major topics that we will cover include how obfuscation affects your analysis, the tools and techniques for identifying code obfuscation in interpreted code, such as Visual Basic for Applications and PowerShell, how malware authors employ string and function obfuscation in native code, as well as identifying malware's use of cryptography, and effective ways of detecting and tracing the use of that cryptography. Throughout this course, you will be able to follow along through comprehensive demonstrations and apply yourself through hands-on labs with real-world malware samples. By the end of this course, you will have the knowledge and skills necessary to defeat malware obfuscation. Before beginning the course, you should be familiar with the basics of reverse engineering and be comfortable with tools such as a disassembler and an assembly-level debugger. You should also be familiar with how to set up a safe malware analysis lab environment. I hope you'll join me on this journey to learn how to defeat obfuscation with Malware Analysis: Identifying and Defeating Code Obfuscation, at Pluralsight.