Malware Analysis
Malware is a portmanteau of "malicious software". It refers to any malicious program that attackers use to carry out a cyber-attack [1]. Malware analysis is a pertinent task both for security researchers and for a security operations center (SOC): it is how they understand the evolving landscape of attacks and devise detection techniques to thwart them.
Malware analysis is usually categorized into two types: static and dynamic. Static malware analysis examines the sample without running or executing the underlying code: file hashes, strings, headers, imports and signatures are inspected with static analysis tools, and the code itself is disassembled. Dynamic malware analysis runs the sample in a controlled, isolated environment (known as a sandbox) to observe its run-time behaviour: the processes it spawns, the files and registry keys it touches and the network connections it makes [2]. The two complement each other: packed or obfuscated code yields little to static inspection until it is unpacked, while sandbox-aware malware may check for virtualization or analysis tools and change its behaviour when it detects them, so a clean sandbox run is not proof that a sample is benign.
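As an added illustration of the static side of that split (example code written for this page, not taken from the original page or from any of the tools listed below), the Python script below performs a first static-triage pass on a Windows PE file without executing it: it hashes the file, parses the DOS, PE signature, COFF and section headers with the standard library only, extracts printable strings and derives a few indicators from them. Because it must run offline, it builds a constructed, harmless PE-shaped byte blob inline instead of reading a real sample; the blob's layout, the `INJECTION_APIS` watch-list and the indicator rules are assumptions made for this example, not an authoritative detection logic.

```python
"""Static triage of a Windows PE file without executing it: hashes, COFF/section
header fields, printable strings and a few simple indicators."""
import hashlib
import re
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
SECTION_FLAGS = {0x00000020: "CODE", 0x20000000: "EXECUTE",
                 0x40000000: "READ", 0x80000000: "WRITE"}
# Heuristic watch-list (an assumption for this example, not an authoritative list).
INJECTION_APIS = {"VirtualAlloc", "VirtualProtect", "WriteProcessMemory", "CreateRemoteThread"}


def build_sample() -> bytes:
    """Constructed, harmless PE-shaped blob used as the input for this demo.
    It has a DOS header, PE signature, COFF header and two section headers but no
    optional header, so it is not loadable; it only exercises the parser."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)               # e_lfanew: PE signature at 0x80
    hdr += b"PE\x00\x00"
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE)
    hdr += struct.pack("<HHIIIHH", 0x8664, 2, 1700000000, 0, 0, 0, 0x0022)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, reloc/lineno
    # pointers and counts, Characteristics
    hdr += struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x40, 0x100, 0, 0, 0, 0, 0x60000020)
    hdr += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x60, 0x2000, 0x60, 0x140, 0, 0, 0, 0, 0xE0000040)
    hdr += b"\x00" * (0x100 - len(hdr))
    text = b"\x55\x48\x89\xe5" + b"\xcc" * 0x3C           # push rbp; mov rbp,rsp; int3 padding
    data = (b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00"
            b"CreateRemoteThread\x00http://example.invalid/beacon\x00")
    data += b"\x00" * (0x60 - len(data))
    return bytes(hdr + text + data)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sections, off = [], e_lfanew + 4 + 20 + opt_size   # section table follows the optional header
    for _ in range(nsec):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, sflags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr,
                         "flags": [n for bit, n in SECTION_FLAGS.items() if sflags & bit]})
        off += 40
    return {"machine": MACHINES.get(machine, hex(machine)), "timestamp": ts,
            "characteristics": chars, "sections": sections}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long, like the `strings` utility."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    strings = extract_strings(data)
    indicators = []
    for s in pe["sections"]:
        if "WRITE" in s["flags"] and "EXECUTE" in s["flags"]:
            indicators.append(f"section {s['name']} is writable and executable")
        if s["name"].upper().startswith("UPX"):
            indicators.append(f"section {s['name']} suggests UPX packing")
    apis = sorted(INJECTION_APIS.intersection(strings))
    if apis:
        indicators.append("process-injection APIs referenced: " + ", ".join(apis))
    for u in (x for x in strings if x.startswith(("http://", "https://"))):
        indicators.append("embedded URL: " + u)
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest(),
            "pe": pe, "strings": strings, "indicators": indicators}


if __name__ == "__main__":
    report = triage(build_sample())
    print("sha256:", report["sha256"])
    print("machine:", report["pe"]["machine"], "sections:", [s["name"] for s in report["pe"]["sections"]])
    for line in report["indicators"]:
        print("-", line)
```

The hashes are what you would submit to VirusTotal, the header and section fields are what PEview, PEiD and AnalyzePE show, and the string hits are the sort of thing a YARA rule would match. The constructed blob also shows where static analysis stops: a section named `UPX1` that is writable and executable is a strong hint that the real payload is packed, and the strings you see there are the packer's, not the payload's, so the next step is unpacking or a sandbox run.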
Selected Syllabi
- CS6038/CS5138 Malware Analysis, University of Cincinnati [link]
- CFRS 761-001: Malware Reverse Engineering, George Mason University [link]
- CIS 4138/CAP 5137 Software Reverse Engineering and Malware Analysis, Florida State University [link]
- ECE 4833/CS 4xxx/ECE 8803/CS 8803 - Advanced Topics in Malware Analysis, Georgia Institute of Technology (Georgia Tech) [link]
- CMSC 491/691 Malware Analysis, University of Maryland [link]
Tools
Static Analysis Tools
- VirusTotal [online]
- YARA: [tool] [tutorial]
- AnalyzePE
- PEiD
- PEview
- Dependency Walker
- Resource Hacker
- FileAlyzer
- IDA Pro
Dynamic Analysis Tools
Other Tools
- Google Rapid Response Framework (GRR)
- Aleph
- The European Union Agency for Cybersecurity (ENISA)
- DeepViz
- More tools
Learning Resources
YouTube Videos
- HackerSploit Malware Analysis [Playlist]: link
- Intro to Malware Analysis [Black Hat]: link
- RSA Practical Malware Analysis link
- Malware Unpacking Tutorials [playlist] link
- Misc. Malware Analysis [playlist] link
Books [3]
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  By Michael Sikorski, Andrew Honig
  ISBN-13: 978-1593272906
- Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
  By Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard
  ISBN-13: 978-0470613030
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
  By Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse
  ISBN-13: 978-1118787311
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory
  By Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
  ISBN-13: 978-1118825099
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
  By Chris Eagle
  ISBN-13: 978-1593272890
- Reversing: Secrets of Reverse Engineering
  By Eldad Eilam
  ISBN-13: 978-0764574818
- Windows Internals 6, Part 1 and 2
  By Mark Russinovich, David Solomon, Alex Ionescu
  ISBN-13: 978-0735648739 (Part 1)
  ISBN-13: 978-0735665873 (Part 2)
- Crimeware: Understanding New Attacks and Defenses
  By Markus Jakobsson and Zulfikar Ramzan
  ISBN-10: 0321501950
  ISBN-13: 978-0321501950
- The Art of Computer Virus Research and Defense
  By Péter Szőr
  ISBN-10: 0321304543
  ISBN-13: 978-0321304544
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition
  By Bill Blunden
  ISBN-10: 144962636X
  ISBN-13: 978-1449626365
- Rootkits: Subverting the Windows Kernel
  By Greg Hoglund and James Butler
  ISBN-10: 0321294319
  ISBN-13: 978-0321294319
- Reverse Engineering Code with IDA Pro
  By Justin Ferguson and Dan Kaminsky
  ISBN-10: 159749237X
  ISBN-13: 978-1597492379
- Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization
  By Oleg Zaytsev
  ISBN-10: 1931769591
  ISBN-13: 978-1931769594
- Professional Rootkits
  By Ric Vieler
  ISBN-10: 0470101547
  ISBN-13: 978-0470101544
Online Courses
- Coursera Courses: [Course 1] [Course 2] [Course 3] [Course 4]
- SPECIAL: Introduction to Malware Analysis: Hands-on and Technical [link]
- SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques [link]
- GIAC Malware Analysis Certification: GREM [link]
- InfoSec Malware Analyst [link]
- InfoSec: Introduction to Malware Analysis [link]
- IBM Cybersecurity Analyst Professional Certificate [link]
Wiki Learning Resource
References
[1] What is Malware Analysis Techniques
[2] Static Malware Analysis Vs Dynamic Malware Analysis
[3] Malware Analysis Resources - Existing best practices and tools