Malware Analysis: Identifying and Defeating Packing

Malware authors routinely utilize packing techniques to complicate the analysis of their code. This course will teach you techniques for identifying and defeating packing so that key characteristics and behaviors can be identified.
Course info
Level
Intermediate
Updated
Feb 12, 2019
Duration
2h 18m
Description

Malware authors routinely use obfuscation techniques to complicate the analysis of their code. One such technique is packing, in which a malicious program is layered inside another program. In Malware Analysis: Identifying and Defeating Packing, you will gain the skills necessary not only to identify prevalent packing techniques, but also to defeat them effectively. First, you will learn how packers work and how malware authors regularly use them. Next, you will learn how to detect common packers and methods for unpacking. Finally, you will learn about custom packers, how you can identify them, and effective ways of defeating them. Each module of this course includes detailed demonstrations and hands-on labs that allow you to analyze real-world malware. You will go deep into malware packing techniques with tools such as IDA Pro and WinDbg, and by the end of this course you will have the knowledge and skills to tackle packing effectively.

About the author

Dr. Josh Stroschein is an Assistant Professor at Dakota State University, where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an endpoint security company, and is the Director of Training for the Open Information Security Foundation (OISF).

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dr. Josh Stroschein and welcome to my course, Malware Analysis: Identifying and Defeating Packing. I am an assistant professor at Dakota State University, where I teach malware analysis, reverse engineering, and software exploitation. I work as a senior malware analyst for Bromium, and I'm part of the training team and responsible for academic outreach for the Open Information Security Foundation's Suricata project. In this course, we are going to tackle malware packing head on. Packing is a prevalent technique used by malware authors to hide, obfuscate, or otherwise complicate your ability to analyze the malware's code. Identifying and defeating packing is often the first step when analyzing any malicious file. Some of the major topics that we will cover include techniques and tools for analyzing malware and determining signs of packing, how to detect common packers with signatures, how to identify custom packers, and effective strategies for tracing through unpacking logic with reversing tools, such as IDA Pro, an assembly-level debugger. We will also utilize real-world malware to study unique packing techniques and how to defeat them. Throughout this course you will be able to follow along through comprehensive demonstrations and apply yourself through hands-on labs with real-world malware samples. By the end of this course, you will have the knowledge and skills necessary to defeat malware packing. Before beginning the course, you should be familiar with the basics of reverse engineering and be comfortable with tools such as a disassembler and an assembly-level debugger. You should also be familiar with how to set up a safe malware analysis lab environment. I hope you'll join me on this journey to learn how to defeat packing with Malware Analysis: Identifying and Defeating Packing at Pluralsight.