Malware Analysis

Authors: Christopher Rees, Cristian Pascariu, Tyler Hudak, Josh Stroschein, Dr. Jared DeMott

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. To...

Prerequisites

Viewers should have watched the Malware Analysis Fundamentals courses or have equivalent knowledge and experience.

Beginner

In this section, you will be introduced to the key concepts associated with performing malware analysis. You will learn how malicious actors attack organizations, users and endpoints and how you can begin to analyze the artifacts associated with these attacks. Finally, you will apply everything you have learned to begin to develop a workflow for performing malware analysis, identifying key indicators of compromise and the ability to create a narrative around an incident.

Malware Analysis: The Big Picture

by Christopher Rees

Mar 9, 2017 / 2h 13m

Description

Every day a new breach occurs at companies large and small. Some impact tens of millions of customers and destroy a company's reputation, consumer trust, or investor confidence. Some breaches go unnoticed for months or years and quietly leak sensitive information, company secrets, customer data, and more. In this course, Malware Analysis: The Big Picture, you will learn the basics of what malware is, and how it gets into your networks and infects your systems. First, you will delve into what skills, tools, and teams you'll need in place to effectively combat these breaches. Next, you will dive into the types of malware analysis and which is best suited for a particular situation. Finally, you will learn about gap analysis: ensuring holes are being filled and resources directed to the proper areas. When you're finished with this course, you'll have the knowledge necessary to make effective decisions regarding what resources are required, legal considerations during and after a breach, and best practices to minimize the effect of malware breaches within your environment.

Table of contents
  1. Course Overview
  2. Malware: Why Should You Care?
  3. Best Practices
  4. Tools and Teams
  5. Investigative and Legal Considerations

Getting Started Analyzing Malware Infections

by Cristian Pascariu

Feb 8, 2017 / 2h 17m

Description

Computer virus outbreaks are becoming more complex and use clever deployment tactics that trick people into getting infected, even without their knowledge. Traditional antivirus technologies have a hard time keeping up. There is a need for security analysts who are able to tackle these infections and stop them from infecting other computers. In this course, Getting Started Analyzing Malware Infections, you'll learn how to safely contain and analyze suspicious files and URLs. Next, you will learn to extract malicious scripts from documents, deobfuscate them, and extract indicators that lead to other malware components. Finally, you will learn to investigate virus deployment techniques that bypass modern security controls. When you're finished with this course, you will have the skills and the knowledge to build layered defenses that disrupt the infection chain at multiple stages, protecting your data and your company.

Table of contents
  1. Course Overview
  2. Investigating Malware Infections
  3. Analyzing Malicious Links
  4. Dissecting Infected Documents
  5. Analyzing Malicious Archives
  6. Designing the Process for Analyzing Malware

Malware Analysis Fundamentals

by Tyler Hudak

Mar 31, 2017 / 3h 20m

Description

Since finding malware is a common occurrence for anyone that performs incident response, knowing how to properly analyze that malware is an essential skill. In this course, Malware Analysis Fundamentals, you'll gain the ability to analyze malware. First, you'll explore how to keep yourself and your systems safe when analyzing malware. Next, you'll discover how to get information on the malware by examining its characteristics. Finally, you'll learn how to execute malware and watch how it interacts with your system. When you're finished with this course, you'll have the skills and knowledge of malware analysis needed to safely and successfully determine what a malware sample does and the risk it presents.

Table of contents
  1. Course Overview
  2. Introduction and Setting up Your Malware Analysis Lab
  3. Static Analysis: Identifying Malware
  4. Static Analysis: Analyzing Embedded Strings
  5. Static Analysis: Understanding the PE Header
  6. Lab 1: Static Analysis
  7. Dynamic Analysis Considerations
  8. Dynamic Analysis: Detecting Malware System Changes
  9. Dynamic Analysis: Monitoring Malware Behavior
  10. Lab 2: Dynamic Analysis
  11. Progressing Your Malware Analysis Skills

Intermediate

In this section, you will learn how to leverage many industry standard tools for analyzing and reverse engineering malware. You will gain a deeper understanding of reverse engineering and how to apply those skills to analyzing malware. You will also explore many prevalent obfuscation techniques used by malware authors to disrupt detection and analysis and develop effective strategies for identifying and defeating those techniques.

Performing Malware Analysis on Malicious Documents

by Tyler Hudak

Jan 23, 2018 / 2h 59m

Description

Hiding malware within documents has become one of the main methods attackers use to compromise systems. In this course, Performing Malware Analysis on Malicious Documents, you will learn how to examine documents to determine whether they contain malware and, if so, what that malware does. First, you will explore how to analyze malicious Adobe PDF and Microsoft Office documents. Next, you will discover how attackers obfuscate scripts within malicious documents, and how you can defeat that obfuscation to determine the script’s purpose. Finally, you will dive into the tools required to perform this analysis safely and quickly. When you’re finished with this course, you will have the skills and knowledge needed to perform malware analysis on malicious documents.

Table of contents
  1. Course Overview
  2. Introduction and Setting up Your Lab
  3. Performing Document Analysis
  4. Analyzing PDF Documents
  5. Performing JavaScript Analysis
  6. PDF Lab
  7. Analyzing Office Documents
  8. Performing VBA Script Analysis
  9. Quickly Analyzing Malicious Documents
  10. Office Document Lab
  11. Analyzing Malicious Documents Recap

Analyzing Malware for .NET and Java Binaries

by Josh Stroschein

Apr 17, 2018 / 1h 42m

Description

The ability to quickly and effectively analyze a wide variety of malware is a critical skill for anyone performing incident response, working in a security operations center (SOC), or analyzing malware. In this course, Analyzing Malware for .NET and Java Binaries, you will gain the skills necessary to effectively analyze Java and .NET malware. First, you will learn how .NET and Java binaries differ from other malware. Next, you will learn the tools, techniques, and workflows necessary to reverse engineer these types of binaries. Finally, you will apply everything you have learned through hands-on labs in which you will analyze real-world malware. When you are finished with this course, you will have the knowledge and skills necessary to analyze .NET and Java binaries, giving you the ability to effectively investigate a wider variety of malware.

Table of contents
  1. Course Overview
  2. Introduction
  3. Analyzing .NET Binaries
  4. Analyzing Java Binaries
  5. Performing Real-world Analysis
  6. Leveling up Your Skills

Getting Started with Reverse Engineering

by Josh Stroschein

Aug 29, 2018 / 3h 40m

Description

The ability to reverse engineer binary code is an essential skill for anyone responsible for software security or performing malware analysis, and it also plays a significant role in penetration testing and incident response. In this course, Getting Started with Reverse Engineering, you will gain the skills necessary to reverse engineer native code and determine program behavior. First, you will discover the basic elements of modern CPU architecture and the essentials of assembly language. Next, you will learn about native code, the Portable Executable (PE) file format, and techniques to enrich your reverse engineering efforts. Finally, you will build proficiency in the tools and techniques associated with static and dynamic reverse engineering, including IDA Pro and WinDbg. Throughout this course you will be able to follow along with comprehensive demonstrations and apply what you learn in hands-on labs. By the end of this course, you will have the knowledge and skills necessary to reverse engineer native code binaries.

Table of contents
  1. Course Overview
  2. Introduction
  3. Assembly Basics
  4. Working with Native Code
  5. Using Debuggers
  6. Practical Assembly
  7. Reverse Engineering
  8. Conclusion

Security for Hackers and Developers: Reverse Engineering

by Dr. Jared DeMott

Mar 29, 2017 / 2h 3m

Description

In the prior courses we learned that there are four main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But once the code is fielded, hackers will begin researching exploits against it. In this course, you will learn how and why compiled binaries are examined and scoured for weaknesses, why reversing is also a required malware analysis skill, and why it is sometimes needed by low-level developers working with undocumented APIs. After watching this course you'll be familiar with all of the above and with the popular IDA Pro tool and how to use it. Download the IDA Pro demo to complete the labs.

Table of contents
  1. Course Overview
  2. Using IDA Pro to Reverse Code
  3. Learning x86 and Calling Conventions
  4. Understanding C-to-Assembly and Compiled Structures
  5. Patching a Compiled Binary
  6. Reversing C++
  7. Extending IDA with Scripts

Reverse Engineering Malware with Ghidra

by Josh Stroschein

Mar 20, 2020 / 1h 34m

Description

The reverse engineering landscape has changed with the introduction of the National Security Agency’s (NSA) software reverse engineering framework Ghidra, a fully featured, open-source framework for reverse engineering binary code. In this course, Reverse Engineering Malware with Ghidra, you will gain the ability to use Ghidra to reverse engineer malware. First, you will learn how to install Ghidra and set up your first project. Next, you will discover how to make the most of the user interface to aid your reverse engineering goals. Finally, you will get hands-on with the decompiler and scripting engine by unpacking a modern trojan. When you're finished with this course, you will have the skills and knowledge of Ghidra needed to reverse engineer malware.

Table of contents
  1. Course Overview
  2. Software Reverse Engineering with Ghidra
  3. Working with Ghidra’s Core Components
  4. Enhancing Your Reversing Workflow
  5. Harnessing Ghidra’s Superpowers

Malware Analysis: Identifying and Defeating Code Obfuscation

by Josh Stroschein

Jul 12, 2019 / 2h 22m

Description

Malware authors routinely use obfuscation techniques to complicate the analysis of their code. These techniques can prevent the discovery of important indicators of compromise and limit the ability to determine malware functionality. In this course, Malware Analysis: Identifying and Defeating Code Obfuscation, you will gain the skills necessary not only to identify prevalent obfuscation techniques, but also to effectively defeat them. First, you will see how obfuscation affects your analysis and learn effective strategies for defeating a variety of obfuscation methods. Next, you will explore how to identify and detect obfuscation techniques in interpreted code, including software routinely abused by malware authors such as PowerShell and Visual Basic for Applications. You will then expand your skills by learning about code obfuscation in native code. Finally, you will discover how malware authors use cryptography for obfuscation and ways to detect it. Each module of this course includes detailed demonstrations and hands-on labs that allow you to analyze real-world malware. You will be going deep into malware obfuscation techniques with tools such as IDA Pro and WinDbg. By the end of this course, you will have the knowledge and skills to effectively tackle obfuscation!

Table of contents
  1. Course Overview
  2. How Obfuscation Affects Your Analysis
  3. Detecting and Defeating Code Obfuscation in Interpreted Code
  4. Detecting and Defeating String Obfuscation in Native Code
  5. Detecting and Defeating Function Obfuscation in Native Code
  6. Identifying Malware Use of Cryptography
  7. Leveling up Your Skills

Malware Analysis: Identifying and Defeating Packing

by Josh Stroschein

Feb 12, 2019 / 2h 17m

Description

Malware authors routinely use obfuscation techniques to complicate the analysis of their code. One such technique is packing, in which a malicious program is layered inside another program. In Malware Analysis: Identifying and Defeating Packing, you will gain the skills necessary not only to identify prevalent packing techniques, but also to effectively defeat them. First, you will learn how packers work and how malware authors regularly use them. Next, you will learn how to detect common packers and methods for unpacking. Finally, you will learn about custom packers, how you can identify them, and effective ways of defeating them. Each module of this course includes detailed demonstrations and hands-on labs that allow you to analyze real-world malware. You will be going deep into malware packing techniques with tools such as IDA Pro and WinDbg. By the end of this course you will have the knowledge and skills to effectively tackle packing!

Table of contents
  1. Course Overview
  2. Why Packing Affects Your Analysis
  3. How Packers Work
  4. Identifying Custom Packers
  5. Performing Manual Unpacking
  6. Leveling up Your Skills

Advanced

In this section, you will learn how malware authors employ anti-analysis techniques to trick your analysis tools. When successful, these techniques can bypass your analysis workflow, so it is vital for a malware analyst to be able to identify them. You will also continue to explore the inner workings of sophisticated malware to learn how it works and how you can effectively unravel it.

Advanced Malware Analysis: Combating Exploit Kits

by Dr. Jared DeMott

Jun 9, 2016 / 2h 23m

Description

Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you'll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware) with Dr. DeMott. First, you'll explore the tools and techniques you'll be using and analyze events collected by Bromium micro-VMs. Next, you'll work on unraveling the exploit kits: figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in "the wild." Finally, you'll learn how to conduct safe dynamic analysis of these exploit kits, detect command-and-control (CNC) communication, and share your analyses so that these problems can be remedied. By the end of this course, you'll not only have a better understanding of what exploit kits are and how to detect them, but you'll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.

Table of contents
  1. Course Overview
  2. Introduction
  3. Recognizing the Exploit Vector
  4. Unraveling Exploit Obfuscation
  5. Circumventing Exploit Kit Encryption
  6. Understanding Moving Target Communications
  7. Detecting Angler in the Wild
  8. Performing Safe Dynamic Analysis
  9. Analyzing Files Statically
  10. Reversing Malware with Debugging Tools
  11. Reversing Malware with IDA Pro
  12. Customizing Reports: From Researchers to CISOs

Defeating Anti-reverse Engineering and Anti-debugging Techniques

by Josh Stroschein

Jan 24, 2020 / 1h 53m

Description

Anti-reverse engineering and anti-debugging techniques are often leveraged by malware authors to disrupt or prevent detailed analysis, helping them avoid detection by even the most advanced security products. These efforts increase the odds that an attack on an organization will succeed and can allow the malware to stay hidden within that organization for prolonged periods of time. In this course, Defeating Anti-reverse Engineering and Anti-debugging Techniques, you will gain the skills necessary not only to identify prevalent anti-analysis techniques, but also to defeat them. First, you will gain insight into why malware authors employ such anti-analysis techniques and a deeper understanding of where to expect them. Next, you will dig deep into the anti-analysis techniques used to disrupt both your static and dynamic analysis activities. You will get hands-on with identifying anti-disassembly techniques, control-flow obfuscation, and the hiding of strings and API calls. Then, you will learn how malware authors trick your debugger, employ code-hiding techniques such as process hollowing, and leverage shellcode to complicate analysis. Finally, you will explore techniques used to detect the presence of a sandbox, which lead to incomplete or inaccurate results and can throw off your analysis. Each module of this course includes in-depth demonstrations and hands-on labs using real-world malware. By the end of this course, you will have the knowledge and skills to defeat the anti-reversing and anti-debugging techniques used by the most sophisticated malware authors.

Table of contents
  1. Course Overview
  2. How Anti-analysis Affects Your Analysis
  3. Detecting and Defeating Anti-reverse Engineering Techniques
  4. Stopping Anti-debugging Techniques
  5. Adding Stealth to Your Malware Sandbox

Advanced Malware Analysis: Ransomware

by Cristian Pascariu

Jan 24, 2019 / 1h 29m

Description

Ransomware attacks have continued to grow in frequency and potency, causing significant business impact. There is no reason for you and your company to become a victim of this destructive type of malware. In this course, Advanced Malware Analysis: Ransomware, you will gain the ability to determine whether compromised machines were infected with ransomware. First, you will learn some of the early indicators that ransomware has infected a system. Next, you will discover how kill switches can help you prevent attacks. Finally, you will explore how ransomware spreads throughout the network and how it manages to infect a large number of computers. When you are finished with this course, you will have the skills and knowledge of ransomware analysis needed to identify, contain, and eradicate attacks much more effectively.

Table of contents
  1. Course Overview
  2. Learning How Ransomware Works
  3. Performing Static Analysis on Compromised Machines
  4. Analyzing Early Infection Stages
  5. Analyzing Propagation and Replication Techniques
  6. Protecting against Ransomware