Malware Reverse Engineering
This course has been designed for the forensic investigation of malicious programs that target the Windows operating system. Malware analysis is useful for threat intelligence, for responding to security incidents and for fortifying defenses. After completing this course, students will have a strong foundation for reverse engineering malicious code using system and network monitoring tools, disassemblers, debuggers and other tools used for diagnosing malware internals.
Pre-requisites: Knowledge of the Windows operating system and of a programming language.
Below is the detailed courseware syllabus:
| No. | Module | Topics |
|---|---|---|
| 1. | Introduction | Introduction to reverse engineering, Applications of reverse engineering and Case Studies, Basic Static Analysis, Basic Dynamic Analysis, Advanced Static Analysis, Advanced Dynamic Analysis |
| 2. | Basic Static Analysis | Antivirus Scanning, Hashing, Finding Strings, Packing and Obfuscation, PE file format, Linked libraries & functions, Lab exercise |
| 3. | Malware Analysis in a Virtual Machine | Setting up a malware analysis machine, Using the malware analysis machine, Lab exercise |
| 4. | Basic Dynamic Analysis | Sandboxes, Running malware, Monitoring with Process Monitor, Viewing processes with Process Explorer, Comparing registry snapshots with Regshot, Faking a network, Packet sniffing with Wireshark, Using INetSim, Basic dynamic tools in practice, Lab exercise |
| 5. | Assembly Language | Introduction to Compilers, Registers, Data Structures and Binary Executables, IA-32 Processor Architecture, Windows Architecture |
| 6. | IDA Pro | Loading an executable, The IDA Pro interface, Using cross-references, Analyzing functions, Enhancing disassembly, Extending IDA Pro with plugins, Lab exercise |
| 7. | Recognizing C Code Constructs in Assembly | Global vs. local variables, Disassembling arithmetic operations, Recognizing if statements, Recognizing loops, Understanding function calling conventions, Analyzing switch statements, Disassembling arrays, Identifying structs, Analyzing linked list traversal, Lab exercise |
| 8. | Analyzing Malicious Windows Programs | The Windows API, The Windows registry, Network APIs, Following running malware, Kernel vs. user mode, The Native API, Lab exercise |
| 9. | Live Malware Analysis Project | |