Malware is a persistent threat in today's digital landscape, evolving continuously to evade detection and wreak havoc on systems. In this presentation, we delve into the intricacies of Malware Analysis and Development, exploring its fundamental concepts and real-world applications.
What you will learn in the workshop:
1. What is Malware Analysis:
We begin by demystifying Malware Analysis, a crucial process for understanding the behavior, functionality, and impact of malicious software. From static analysis to dynamic analysis techniques, we uncover the tools and methodologies used to dissect and analyze malware samples effectively.
2. What is Malware Development:
Next, we shift focus to Malware Development, shedding light on the techniques and tactics employed by threat actors to create sophisticated malware. By understanding the inner workings of malware creation, we gain insights into how to combat these threats effectively.
3. The Malware Development Life Cycle:
We explore the Malware Development Life Cycle, from initial reconnaissance and planning to deployment and post-exploitation activities. By mapping out this cycle, we gain a holistic view of how malware is conceived, developed, and utilized in cyber attacks.
4. Why it's important for Red Teamers and Blue Teamers:
We emphasize the importance of Malware Analysis and Development for both Red Teamers and Blue Teamers. For Red Teamers, it provides invaluable insights into crafting realistic attack scenarios and testing defenses. For Blue Teamers, it equips them with the knowledge to detect, analyze, and mitigate malware threats effectively.
5. Practical Malware Reverse Engineering and Development Examples:
Finally, we dive into practical examples of malware reverse engineering and development. Through hands-on demonstrations and case studies, we showcase the process of dissecting malware, understanding its functionality, and even developing defensive measures to thwart future attacks.
Join us virtually for our upcoming "Malware Development" Workshop to explore the world of Malware Analysis and Development, where we unravel the complexities of malware and empower defenders with the tools and knowledge to combat cyber threats effectively.
14. To know how malware is written
To have better offensive and defensive skills
Become a better Red Teamer and Detection Engineer
Better understanding of your OS Internals
Better understanding of OS API Functions
Because real Hackers know their shi*, so know your shi*!
16. “The one who possesses the skills and knowledge to understand and practically apply things has the power to rule them all”
- Anonymous Philosopher
32. Developing Windows Malware
No different than any kind of low-level Windows development
Uses Windows APIs (documented or not so much)
Built with standard tools and compilers (e.g., Visual Studio)
Testing is paramount
Debugging
33. Windows Subsystem APIs
• Windows API (“Win32”)
  • Classic C API from the first days of Windows NT
  • Some APIs are COM based
    • Especially in newer (Vista+) APIs
    • Examples: BITS, DirectX, WIC, DirectShow, Media Foundation
• .NET
  • Managed libraries running on top of the CLR
  • Common languages: C#, VB.NET, F#, C++/CLI
• Windows Runtime (WinRT)
  • New unmanaged API available for Windows 8+
  • Built on top of an enhanced version of COM
34. PEB, TEBs
[Diagram: Process Virtual Memory Map, from address 0 up to the user-mode limit (2GB/4GB/8TB/128TB depending on platform). Regions shown: MyApp.exe, NtDll.dll, KernelBase.dll, Kernel32.dll, AdvApi32.dll, Thread 1 Stack, Thread 2 Stack, Default Process Heap, Other heaps, VirtualAlloc allocated memory.]
35. Function Call Flow Example
[Diagram, reconstructed as a call sequence]
User mode:
  application: call fread
  Msvcrt.dll: call ReadFile
  Kernel32.DLL: call NtReadFile
  NtDll.DLL: NtReadFile: sysenter / syscall
Kernel mode:
  NtOskrnl.EXE: NtReadFile: call driver
  driver.sys: Initiate I/O
  NtOskrnl.EXE: return to caller
38. Only for you folks!
20% Discount Code for the upcoming Malware Development Workshop!
Coupon Code: MALDEVISTHEBEST
Click here to redeem your coupon and get the chance to become a Malware Developer!