Malware Analysis


Malware is a portmanteau formed by combining the words "malicious software". Malware can refer to any malicious program used by attackers to carry out a cyber-attack [1]. Malware analysis is a pertinent task both for security researchers and for Security Operations Centers (SOCs): it is how they understand the evolving landscape of malicious attacks and devise detection techniques to thwart them.

Malware analysis is usually categorized into two types: static and dynamic malware analysis. Static malware analysis involves analysing the malware without actually running or executing the underlying code. This is usually done by analysing malware signatures using static code analysis tools. Dynamic malware analysis involves running the malware sample in a controlled environment (known as a sandbox). The intent is to understand the run-time behavior of the malware and how the virus functions [2].

Selected Syllabi

  • CS6038/CS5138 Malware Analysis, University of Cincinnati [link]
  • CFRS 761-001: Malware Reverse Engineering, George Mason University [link]
  • CIS 4138/CAP 5137 Software Reverse Engineering and Malware Analysis, Florida State University [link]
  • ECE 4833/CS 4xxx/ECE 8803/CS 8803 - Advanced Topics in Malware Analysis, Georgia Tech University [link]
  • CMSC 491/691 Malware Analysis, University of Maryland [link]

Tools

Static Analysis Tools

Dynamic Analysis Tools

Other Tools

Learning Resources

YouTube Videos

  • HackerSploit Malware Analysis [Playlist]: link
  • Intro to Malware Analysis [Black Hat]: link
  • RSA Practical Malware Analysis: link
  • Malware Unpacking Tutorials [Playlist]: link
  • Misc. Malware Analysis [Playlist]: link

Books [3]

  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
    By Michael Sikorski, Andrew Honig
    ISBN: 978-1593272906
  • Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
    By Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard
    ISBN: 978-0470613030
  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
    By Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse
    ISBN: 978-1118787311
  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory
    By Michael Hale Ligh, Andrew Case
    ISBN: 978-1118787311
  • The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
    By Chris Eagle
    ISBN: 978-1593272890
  • Reversing: Secrets of Reverse Engineering
    By Eldad Eilam
    ISBN: 978-0764574818
  • Windows Internals 6, Part 1 and 2
    By Mark Russinovich, David Solomon, Alex Ionescu
    ISBN: 978-0735648739
    ISBN: 978-0735665873
  • Crimeware: Understanding New Attacks and Defenses
    By Markus Jakobsson and Zulfikar Ramzan
    ISBN-10: 0321501950
    ISBN-13: 978-0321501950
  • The Art of Computer Virus Research and Defense
    By Péter
    ISBN-10: 0321304543
    ISBN-13: 978-0321304544
  • The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 2nd Edition
    By Bill Blunden
    ISBN-10: 144962636X
    ISBN-13: 978-1449626365
  • Rootkits: Subverting the Windows Kernel Paperback
    By Greg Hoglund and James Butler
    ISBN-10: 0321294319
    ISBN-13: 978-0321294319
  • Reverse Engineering Code with IDA Pro
    By Justin Ferguson and Dan Kaminsky
    ISBN-10: 159749237X
    ISBN-13: 978-1597492379
  • Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization
    By Oleg Zaytsev
    ISBN-10: 1931769591
    ISBN-13: 978-1931769594
  • Professional Rootkits
    By Ric Vieler
    ISBN-10: 0470101547
    ISBN-13: 978-0470101544

Online Courses

  • Coursera Courses: [Course 1] [Course 2] [Course 3] [Course 4]
  • SPECIAL: Introduction to Malware Analysis: Hands-on and Technical [link]
  • SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques [link]
  • GIAC Malware Analysis Certification: GREM [link]
  • InfoSec Malware Analyst [link]
  • InfoSec: Introduction to Malware Analysis [link]
  • IBM Cybersecurity Analyst Professional Certificate [link]

Wiki Learning Resource

  • Malware Analysis (from Google): [link]
  • Malware Analysis handwiki: [link]

References

[1] What is Malware Analysis Techniques

[2] Static Malware Analysis Vs Dynamic Malware Analysis

[3] Malware Analysis Resources - Existing best practices and tools