An Introduction to Malware Analysis
Shawn Thomas
@Understudy77
• Paranoid and head of the Security Operations Center at Verizon Media
• Breach consultant in a past life
• Possibly rusty on this topic
• Sucks at Twitter
Disclaimer
- It’s been a while since I’ve done this every day
- There are many more tools and methodologies than just the ones I will be covering
- This is very much an introduction to some tools and thought processes for looking at potentially malicious files
The Toolset
- Ubuntu 14.04 with REMnux installed
- In REMnux
  - pdfid
  - pdf-parser
  - pdfdetach
  - oletools
- VMware (or VirtualBox to keep it free and open source)
- In our VM
  - Process Explorer
  - Regshot
  - Fiddler/Wireshark
- Cuckoo Sandbox if we have time
The Setup
- You are a security analyst for the Daily Bugle
- You just received an alert/notification about a suspicious email with an attachment
- You have gotten a copy of the PDF attached to the email for analysis
Let’s dive into the good part
Follow-on actions
What can you as a security person do with this information?
Commands run
- pdfid [filename].pdf
- pdf-parser [filename].pdf | more
- pdfdetach -list [filename].pdf
- pdfdetach -saveall [filename].pdf
- olevba -d [filename].doc | more
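The first command above, pdfid, triages a PDF by counting structural keywords and the name objects that can carry active content. The following is an added, simplified re-implementation of that idea (not the slides' code and not pdfid itself); the sample PDF is constructed inline, with one name hex-escaped to show why the counter has to normalize names first.

```python
"""pdfid-style keyword triage of a PDF (added example; simplified, not pdfid itself)."""
import re
from collections import Counter

# Structural keywords: a mismatch between obj/endobj or stream/endstream
# hints at a truncated or deliberately malformed file.
STRUCTURE = ("obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref")
# Name objects pdfid reports; ACTIVE are the ones that can trigger code or
# drop files when the document is opened, so they drive the verdict.
NAMES = ("/Page", "/Encrypt", "/ObjStm", "/JS", "/JavaScript", "/AA", "/OpenAction",
         "/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch", "/EmbeddedFile", "/XFA")
ACTIVE = {"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
          "/EmbeddedFile", "/RichMedia", "/XFA"}

_NAME = re.compile(rb"/[^\s/\[\]<>(){}%]*")   # one PDF name token
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")       # #xx escape inside a name


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so /Java#53cript counts as /JavaScript."""
    def decode(match):
        return _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(0))
    return _NAME.sub(decode, data)


def count_keywords(data: bytes) -> dict:
    """Count structural keywords and the watched name tokens in raw PDF bytes."""
    data = normalize_names(data)
    counts = {}
    for kw in STRUCTURE:
        # letter boundaries keep "obj" from matching inside "endobj"
        counts[kw] = len(re.findall(rb"(?<![A-Za-z])" + kw.encode() + rb"(?![A-Za-z])", data))
    tokens = Counter(_NAME.findall(data))
    for name in NAMES:
        counts[name] = tokens[name.encode()]   # exact token: /Page != /Pages
    return counts


def triage(data: bytes) -> dict:
    """Return counts, the active-content names present and an overall verdict."""
    counts = count_keywords(data)
    flags = sorted(n for n in ACTIVE if counts[n] > 0)
    malformed = (counts["obj"] != counts["endobj"]
                 or counts["stream"] != counts["endstream"])
    return {"counts": counts, "flags": flags, "malformed": malformed,
            "suspicious": bool(flags) or malformed}


# Constructed sample: a one-page PDF whose catalog runs a JavaScript action on
# open, with /JavaScript hex-escaped the way evasive documents sometimes do.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /Java#53cript /JS (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    for key, value in report["counts"].items():
        print(f"{key:14} {value}")
    print("flags:", report["flags"], "malformed:", report["malformed"])
```

A hit on /OpenAction or /JS is the cue to move to the next commands on the slide (pdf-parser to read the objects, pdfdetach to pull any embedded file) rather than a verdict on its own.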
Links (aka the take a picture slides)
- virustotal.com
- urlvoid.com
- ipvoid.com
- http://irma.quarkslab.com/
- https://www.joesecurity.org/joe-sandbox-cloud
- malwr.com
- https://zeltser.com/reverse-engineering-malicious-code-tips/
- https://zeltser.com/build-malware-analysis-toolkit/
- https://digital-forensics.sans.org/blog/2010/11/12/get-started-with-malware-analysis/
Books
- Malware Analyst’s Cookbook
- Practical Reverse Engineering
Links TO LIVE MALWARE (use at own risk)
- http://contagiodump.blogspot.com/
- http://dasmalwerk.eu/
- https://malshare.com/
- http://thezoo.morirt.com/
- http://openmalware.org/
- https://virusshare.com/
- https://zeltser.com/malware-sample-sources/
Questions, Thoughts, Comments, Concerns, Gripes?
