Malware Reverse Engineering

This course has been designed for the forensic investigation of malicious programs that target the Windows operating system. Malware analysis is useful for threat intelligence, incident response, and strengthening defenses. After completing this course, the student will have a strong foundation for reverse engineering malicious code using system and network monitoring tools, a disassembler, a debugger, and other tools used for examining malware internals.

Prerequisites: knowledge of Windows operating systems and of a programming language.

Below is the detailed course syllabus:

| Module | Topic | Subtopics |
|---|---|---|
| 1 | Introduction | Introduction to reverse engineering, applications of reverse engineering and case studies, basic static analysis, basic dynamic analysis, advanced static analysis, advanced dynamic analysis |
| 2 | Basic Static Analysis | Antivirus scanning, hashing, finding strings, packing and obfuscation, PE file format, linked libraries and functions, lab exercise |
| 3 | Malware Analysis in a Virtual Machine | Setting up a malware analysis machine, using the malware analysis machine, lab exercise |
| 4 | Basic Dynamic Analysis | Sandboxes, running malware, monitoring with Process Monitor, viewing processes with Process Explorer, comparing registry snapshots with Regshot, faking a network, packet sniffing with Wireshark, using INetSim, basic dynamic tools in practice, lab exercise |
| 5 | Assembly Language | Introduction to compilers, registers, data structures and binary executables, IA-32 processor architecture, Windows architecture |
| 6 | IDA Pro | Loading an executable, the IDA Pro interface, using cross-references, analyzing functions, enhancing disassembly, extending IDA Pro with plugins, lab exercise |
| 7 | Recognizing C Code Constructs in Assembly | Global vs. local variables, disassembling arithmetic operations, recognizing if statements, recognizing loops, understanding function calling conventions, analyzing switch statements, disassembling arrays, identifying structs, analyzing linked list traversal, lab exercise |
| 8 | Analyzing Malicious Windows Programs | The Windows API, the Windows registry, network APIs, following running malware, kernel vs. user mode, the native API, lab exercise |
| 9 | Live Malware Analysis Project | |