This document discusses malware analysis tools used by Team 8. It defines malware analysis and the different types - static and dynamic. It describes use cases for malware analysis like detection and research. It then discusses technological solutions for detecting and preventing firewall malware. It outlines the endpoint security stack and how endpoints are protected. It defines a sandbox and how it is used to detect malware behavior in a virtual machine. Finally, it lists some tools that can be used for malware analysis.
4. MALWARE ANALYSIS
Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor.
Malware, or malicious software, is any computer software intended to harm the host operating system or to steal sensitive data from users, organizations or companies. Malware may also include software that gathers user information without permission.
TYPES OF MALWARE ANALYSIS
STATIC MALWARE ANALYSIS: static or code analysis does not require that the code is actually executed; the sample is examined as a file (headers, strings, imports, hashes).
DYNAMIC MALWARE ANALYSIS: dynamic or behavioral analysis executes the suspected malicious code in a safe, isolated environment called a sandbox and records what it does.
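The following is an added example (not code from the original slides) of the static side of the split above: a triage script that reads a sample as bytes and never runs it, collecting the things an analyst checks first: hashes for threat-intel lookup, printable strings, URL and Run-key indicators, suspicious imported API names, and byte entropy as a packing hint. The SAMPLE blob, the API watch-list and the scoring weights are all constructed for illustration.

```python
"""Static triage of a suspicious binary: hashes, strings, indicators, entropy.

Added example, not from the original slides. Nothing here executes the sample;
it only reads bytes, which is what makes this static rather than dynamic analysis.
The SAMPLE blob below is constructed inline so the script runs offline.
"""
import hashlib
import math
import re
from collections import Counter

# Constructed sample: an MZ (PE) header stub, a few strings of the kind an
# analyst looks for, and a long run of zero bytes (low entropy, i.e. not packed).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"kernel32.dll\x00VirtualAlloc\x00CreateRemoteThread\x00"
    + b"http://198.51.100.23/update.bin\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00" * 200
)

# Assumed watch-list for this example; real triage uses a much larger set.
SUSPICIOUS_APIS = {
    "VirtualAlloc", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "WinExec", "URLDownloadToFileA", "SetWindowsHookExA",
}
URL_RE = re.compile(rb"https?://[\w.\-/:%?=&]+")
RUNKEY_RE = re.compile(rb"Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256: the identifiers used to look a sample up in threat intel."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Equivalent of the `strings` tool: runs of printable ASCII >= min_len long."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8; values near 8 suggest packing or encryption."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(data: bytes) -> dict:
    """Collect static indicators and a simple score; the sample is never run."""
    strs = printable_strings(data)
    urls = [u.decode("ascii") for u in URL_RE.findall(data)]
    runkeys = [m.group().decode("ascii") for m in RUNKEY_RE.finditer(data)]
    apis = sorted(s for s in strs if s in SUSPICIOUS_APIS)
    ent = shannon_entropy(data)
    # Assumed weights: network and persistence indicators count double, packing adds 2.
    score = 2 * len(urls) + 2 * len(runkeys) + len(apis) + (2 if ent > 7.0 else 0)
    return {
        "file_type": "PE (MZ header)" if data[:2] == b"MZ" else "unknown",
        "hashes": file_hashes(data),
        "entropy": round(ent, 2),
        "urls": urls,
        "run_keys": runkeys,
        "suspicious_apis": apis,
        "score": score,
        "verdict": "suspicious" if score >= 3 else "no static indicators",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:16} {value}")
```

Static indicators like these are cheap but incomplete: a packed or encrypted sample shows high entropy and almost no strings, which is exactly the case that pushes an analyst toward dynamic analysis.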
7. FIREWALL MALWARE
A firewall is a computer network security system that restricts internet traffic into, out of, or within a private network.
This software or dedicated hardware-software unit functions by selectively blocking or allowing data packets.
It is typically intended to help prevent malicious activity and to prevent anyone, inside or outside a private network.
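An added example (not from the original slides) of the "into, out of, or within" point: a small stateless packet filter with a first-match rule list and default deny, run over constructed traffic. The private network (10.0.0.0/8), the rule set and the packets are assumptions for illustration; a real firewall is stateful and matches on much more than this.

```python
"""Stateless packet filter: allow or block packets going into, out of, or within
a private network, first matching rule wins, anything unmatched is dropped.

Added example, not from the original slides. The addresses, rule set and packets
are constructed for illustration; 10.0.0.0/8 is assumed to be the private network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PRIVATE = ipaddress.ip_network("10.0.0.0/8")  # assumed site network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str        # "inbound", "outbound" or "internal"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None = any port
    action: str           # "allow" or "deny"


def direction(pkt: Packet) -> str:
    """Classify a packet relative to the private network."""
    src_in = ipaddress.ip_address(pkt.src) in PRIVATE
    dst_in = ipaddress.ip_address(pkt.dst) in PRIVATE
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "transit"  # neither end is ours; no rule below allows it


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.direction == direction(pkt)
        and rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.dport in (None, pkt.dport)
    )


def filter_packet(pkt: Packet, rules) -> tuple:
    """First matching rule wins; returns (action, rule index). Unmatched = deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed policy: one public service, outbound web and DNS to our resolver,
# and SMB from workstations (10.2.0.0/16) to servers (10.1.0.0/16) only.
RULES = [
    Rule("inbound",  "tcp", "0.0.0.0/0",   "10.1.0.10/32",     443,  "allow"),  # public HTTPS
    Rule("outbound", "tcp", "10.0.0.0/8",  "0.0.0.0/0",        443,  "allow"),  # browsing
    Rule("outbound", "udp", "10.0.0.0/8",  "198.51.100.53/32", 53,   "allow"),  # our resolver only
    Rule("internal", "tcp", "10.2.0.0/16", "10.1.0.0/16",      445,  "allow"),  # SMB to servers
    Rule("internal", "tcp", "10.2.0.0/16", "10.2.0.0/16",      None, "deny"),   # no workstation-to-workstation
]

# Constructed traffic; the comment on each line is the decision the policy gives.
PACKETS = {
    "web_from_internet":  Packet("203.0.113.5", "10.1.0.10", "tcp", 443),     # allow
    "rdp_from_internet":  Packet("203.0.113.5", "10.1.0.10", "tcp", 3389),    # deny (default)
    "dns_to_resolver":    Packet("10.2.0.15", "198.51.100.53", "udp", 53),    # allow
    "dns_to_random_host": Packet("10.2.0.15", "203.0.113.9", "udp", 53),      # deny (DNS to unknown server)
    "smb_to_file_server": Packet("10.2.0.15", "10.1.0.20", "tcp", 445),       # allow
    "smb_lateral":        Packet("10.2.0.15", "10.2.0.16", "tcp", 445),       # deny (lateral movement)
    "reverse_shell_out":  Packet("10.2.0.15", "203.0.113.9", "tcp", 4444),    # deny (default)
}


def decisions(packets=PACKETS, rules=RULES) -> dict:
    return {name: filter_packet(pkt, rules)[0] for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:20} {verdict}")
```

The two cases worth noticing are the ones no explicit rule names: the RDP probe from the internet and the outbound connection on port 4444 are both dropped only because the policy ends in default deny. An allow-by-default policy would pass both.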
8. ENDPOINT SECURITY:
Protects computers, such as those running macOS, against viruses and other computer security threats.
Protects these endpoints, whether on a network or in the cloud, from cybersecurity threats.
Works by examining files, processes, and systems for suspicious or malicious activity.
10. THE ENDPOINT SECURITY STACK
While attackers have multiple tools for exploiting endpoints, organizations also have multiple tools that can be used to make up a complete endpoint security stack, including:
Endpoint protection platform (EPP).
Endpoint detection and response (EDR).
Application whitelisting.
Privilege management.
Vulnerability and patch management.
OS hardening.
Deception.
Central alerting and monitoring.
DEPENDENCY:
Endpoint security coverage depends on inspecting the objects that are loaded at operating system startup, the contents of RAM, and the objects that are targeted by rootkits.
11. SANDBOX
A sandbox is a system for malware detection that runs a suspicious object in a virtual machine (VM) with a fully-featured OS and detects the object's malicious activity by analyzing its behavior. If the object performs malicious actions in a VM, the sandbox detects it as malware.
Virtual machines (VMs) have been a critical development for advanced computing and often get mentioned as similar environments for anti-malware analysis and testing. The truth is the line
12. TOOLS USED FOR MALWARE ANALYSIS
Malware analysis tools let us find out quickly and effectively what actions a threat performs on the system. In this way, you can easily collect all the information about the created files, network connections, changes in the registry, etc.
To achieve this goal there are many resources and tools available that make it possible to analyze a threat through different approaches.
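An added example (not from the original slides, and not the output format of any particular sandbox product) serving both the sandbox slide and this one: a sandbox records what a sample does (processes, files, registry, network), and the verdict comes from scoring that behavior. The two event traces below are constructed, the event schema is an assumption for this example, and the rule weights and threshold are illustrative.

```python
"""Behavioural verdict from a sandbox-style event trace.

Added example, not from the original slides. A sandbox records what a sample does
(processes, files, registry, network); this scores such a trace. Both traces below
are constructed; the event schema is an assumption for this example, not the
format of any particular sandbox product.
"""

# Constructed trace of a dropper-like sample, in the order the sandbox saw it.
MALICIOUS_TRACE = [
    {"type": "process", "pid": 100, "image": "C:\\Users\\u\\Downloads\\invoice.exe", "parent": "explorer.exe"},
    {"type": "file_write", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"},
    {"type": "registry_set", "pid": 100, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "svc", "data": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"},
    {"type": "process", "pid": 101, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe", "parent": "invoice.exe"},
    {"type": "api", "pid": 101, "name": "WriteProcessMemory", "target_pid": 200},
    {"type": "network", "pid": 101, "dst": "198.51.100.23", "dport": 4444, "proto": "tcp"},
]

# Constructed trace of an ordinary editor session, for comparison.
BENIGN_TRACE = [
    {"type": "process", "pid": 300, "image": "C:\\Windows\\System32\\notepad.exe", "parent": "explorer.exe"},
    {"type": "file_write", "pid": 300, "path": "C:\\Users\\u\\Documents\\notes.txt"},
    {"type": "registry_set", "pid": 300, "key": "HKCU\\Software\\Microsoft\\Notepad", "value": "iWindowPosX", "data": "100"},
]


# Each rule returns the events that triggered it (empty list = no hit).
def dropped_in_temp(trace):
    return [e for e in trace if e["type"] == "file_write"
            and "\\temp\\" in e["path"].lower()
            and e["path"].lower().endswith((".exe", ".dll", ".scr"))]


def run_key_persistence(trace):
    return [e for e in trace if e["type"] == "registry_set"
            and e["key"].lower().endswith(("\\currentversion\\run", "\\currentversion\\runonce"))]


def executes_dropped_file(trace):
    """A process whose image was written earlier in the same trace (order matters)."""
    written, hits = set(), []
    for e in trace:
        if e["type"] == "file_write":
            written.add(e["path"].lower())
        elif e["type"] == "process" and e["image"].lower() in written:
            hits.append(e)
    return hits


def cross_process_injection(trace):
    return [e for e in trace if e["type"] == "api"
            and e["name"] in {"WriteProcessMemory", "CreateRemoteThread", "NtMapViewOfSection"}
            and e.get("target_pid") not in (None, e["pid"])]


def connects_on_unusual_port(trace):
    return [e for e in trace if e["type"] == "network" and e["dport"] not in {80, 443, 53}]


# Assumed weights and threshold for this example.
RULES = [
    ("executable dropped in Temp", 2, dropped_in_temp),
    ("Run-key persistence", 3, run_key_persistence),
    ("dropped file executed", 2, executes_dropped_file),
    ("cross-process injection", 3, cross_process_injection),
    ("outbound connection on unusual port", 2, connects_on_unusual_port),
]
MALICIOUS_THRESHOLD = 5


def analyse(trace) -> dict:
    """Score a trace and summarise the artefacts an analyst would want listed."""
    findings, score = [], 0
    for name, weight, predicate in RULES:
        if predicate(trace):
            findings.append(name)
            score += weight
    return {
        "score": score,
        "findings": findings,
        "verdict": "malicious" if score >= MALICIOUS_THRESHOLD else "clean",
        "processes": [e["image"] for e in trace if e["type"] == "process"],
        "files_created": [e["path"] for e in trace if e["type"] == "file_write"],
        "registry_changes": [e["key"] + "\\" + e["value"] for e in trace if e["type"] == "registry_set"],
        "network": [f'{e["dst"]}:{e["dport"]}/{e["proto"]}' for e in trace if e["type"] == "network"],
    }


if __name__ == "__main__":
    for label, trace in (("dropper", MALICIOUS_TRACE), ("notepad", BENIGN_TRACE)):
        report = analyse(trace)
        print(label, report["verdict"], report["score"], report["findings"])
```

The verdict depends entirely on what the sample chose to do inside the VM: a sample that detects the sandbox and sleeps, or waits for a trigger that never arrives, produces an empty trace and a "clean" verdict, which is the main limitation of behavioral detection that the sandbox slide's "similar environments" remark is pointing at.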