Malware Dynamic Analysis Veronica Kovah vkovah.ost at gmail See notes for citation1

Slides:



Advertisements
Similar presentations
COMPUTERS: TOOLS FOR AN INFORMATION AGE Chapter 3 Operating Systems.
Advertisements

What is an operating system? Is it software?
Lesson 6. The Computer Operation Computer Operating Systems GUI vs. Command line The Microsoft Windows Family File Systems – How Computers Manage Data.
Malware Dynamic Analysis Part 5 Veronica Kovah vkovah.ost at gmail See notes for citation1
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
By Hiranmayi Pai Neeraj Jain
Malware Dynamic Analysis Part 6 Veronica Kovah vkovah.ost at gmail See notes for citation1
Computer Skills By Ian Cole Lecturer in C&IT (Communications and Information Technology) University of York Department of Health Sciences Presentation.
Course Introduction and Getting Started with C 1 USF - COP C for Engineers Summer 2008.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Midterm Thursday Topics: First Midterm Instructions Set Architecture Machine Language Programming Assembly Language Programming Traps, Subroutines, & Interrupts.
Background of Wireless Communication Student Presentations and Projects Wireless Communication Technology Wireless Networking and Mobile IP Wireless Local.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 4P. 1Winter Quarter Introduction to UNIX.
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
WINDOWS 7 AND UBUNTU INSTALLING LINUX WITHIN WINDOWS.
Automated Malware Analysis
To run the program: To run the program: You need the OS: You need the OS:
2. Introduction to the Visual Studio.NET IDE 2. Introduction to the Visual Studio.NET IDE Ch2 – Deitel’s Book.
 The operating system is essential for the computer; without it the computer could not work.  The main function of any operating system is being an intermediary.
Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.
Chapter 1 Introduction to Visual Basic Programming and Applications 1 Exploring Microsoft Visual Basic 6.0 Copyright © 1999 Prentice-Hall, Inc. By Carlotta.
Chapter 1 Introduction to Visual Basic Programming and Applications 1 Joshi R.G. Dept. of Computer Sci. YMA.
Malware Dynamic Analysis Part 1 Veronica Kovah vkovah.ost at gmail See notes for citation1
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Hands-On Virtual Computing
T U T O R I A L  2009 Pearson Education, Inc. All rights reserved. 1 2 Welcome Application Introducing the Visual Basic 2008 Express Edition IDE.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Hosted Virtualization Lab Last Update Copyright Kenneth M. Chipps Ph.D.
Booting Ubuntu Linux Live CSCI 130 – Fall 2008 Action Lab Dr. W. Jones.
CS 444 Introduction to Operating Systems
Malware Analysis Jaimin Shah & Krunal Patel Vishal Patel & Shreyas Patel Georgia Institute of Technology School of Electrical and Computer Engineering.
BlackHat Windows Security 2004 Data Hiding on a Live System by Harlan Carvey
Lab 10 Department of Computer Science and Information Engineering National Taiwan University Lab10 – Debugging II 2014/12/2 1 /16.
UNIX Introduction CSCE 221H Texas A&M University.
9/2/ CS171 -Math & Computer Science Department at Emory University.
Christopher Kruegel University of California Engin Kirda Institute Eurecom Clemens Kolbitsch Thorsten Holz Secure Systems Lab Vienna University of Technology.
StopPreviousNext 1 Internet training course Workbook 2 How to use the Internet Easy English workbook July 2010.
INTRODUCTION TO CSCE LAB BASIC OF COMPUTERS, C++, UNIX, AND HELLO WORLD.
MIPS Project -- Simics Yang Diyi Outline Introduction to Simics Simics Installation – Linux – Windows Guide to Labs – General idea Score Policy.
CSCI 1033 Computer Hardware Course Overview. Go to enter TA in the “Enter Promotion Code” box on the bottom right corner.
IST 222 Day 3. Homework for Today Take up homework and go over Go to Microsoft website and check out their hardware compatibility list.
Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware.
This ASI is designed to engage scientists in advanced techniques in receiver functions and imaging earth structure.
Homework tar file Download your course tarball from web page – Named using your PSU ID – Chapter labeled for each binary.
Advanced x86: BIOS and System Management Mode Internals Introduction
Computer virus Speaker : 蔡尚倫.  Introduction  Infection target  Infection techniques Outline.
Unix Servers Used in This Class  Two Unix servers set up in CS department will be used for some programming projects  Machine name: eustis.eecs.ucf.edu.
Getting your STK license for METC 106 Go to the website and download STK 9.2.3http://
The Development Process Compilation. Compilation - Dr. Craig A. Struble 2 Programming Process Problem Solving Phase We will spend significant time on.
© 2015 by McGraw-Hill Education. This proprietary material solely for authorized instructor use. Not authorized for sale or distribution in any manner.
WR 121 [Librarian name] [Instructor name] [Section number]
GNU and Linux.
WannaCry/WannaCrypt Ransomware
Introduction to Computers, the Internet and the World Wide Web
Techniques, Tools, and Research Issues
Techniques, Tools, and Research Issues
Installation and Configuration
R4H Reversing for Humans
GNS 312 (DIGITAL SKILL ACQUISITION)
BotCatch: A Behavior and Signature Correlated Bot Detection Approach
Fix Gmail Error 776 Get connected at Gmail Customer Service Number to Fix Gmail Error 776 under supervision of Gmail tech support team.
Hands-On Virtualization in the Classroom
CSE 303 Lecture 1 introduction to Linux/Unix environment
1. Open Visual Studio 2008.
Introduction to Intel x86-64 Assembly, Architecture, Applications, & Alliteration Xeno Kovah – 2014 xkovah at gmail.
Basic Dynamic Analysis VMs and Sandboxes
Talking Malware Analysis with MITRE
Presentation transcript:

Malware Dynamic Analysis Veronica Kovah vkovah.ost at gmail See notes for citation1

All materials is licensed under a Creative Commons “Share Alike” license See notes for citation2

This class is for people Who are interested in computer security Who want to understand how malware works Who want to start working on malware analysis, or who have recently started See notes for citation3

Thanks to Xeno Kovah, Ben Schmoker and Frank Poz for reviewing class materials Ezra Moses, MITRE Institute tech support for setting up Ubuntu on the lab machines Openmalware.org (offensivecomputing.net) for sharing samples, very good resource See notes for citation4

About me and you BE in CS and MS in CE (but mostly CS background) Security related work experience: – Malware analysis and analysis tool development – Security product reverse engineering – Windows memory integrity measurement/verification – Vulnerability research – Network IDS/IPS signature development Like hands-on work (coding, debugging, and reversing) How about you? Any particular topic that you want to learn from this class? See notes for citation5

Outline (1) Part 1: Introduction – Observing an isolated malware analysis lab setup – Malware terminology – RAT exploration - Poison IVY – Behavioral analysis Part 2: Persistence techniques – Using registry keys – Using file systems – Using Windows services See notes for citation6

Outline (2) Part 3: Maneuvering techniques – (How malware strategically positions itself to access critical resources) – DLL/code injection – DLL search order hijacking... Part 4: Malware functionality – Keylogging, Phone home, Security degrading, Self- destruction, etc. See notes for citation7

Outline (3) Part 5: Using an all-in-one sandbox – Cuckoo Sandbox – Malware Attribute Enumeration and Characterization (MAEC) – Different sandbox results comparison Part 6: Actionable output – Yara – Snort See notes for citation8

Books See notes for citation9

Class Conventions (1) Slides with on the left corner means we will perform hands-on lab activities Slides with include answers to lab questions, which often follows lab slides. Please do not read the answers before you finish a lab ;) Slides with a green bar on top means it’s background context See notes for citation10

Class Conventions (2) Lines starting with – C:\> means, you are asked to type in a DOS window on the Windows XP VM but it does not mean the command needs to be executed at the top level – $ means, you are asked to type in a Linux terminal on the Ubuntu host machine See notes for citation11

Class Materials On the Ubuntu host machine – $ cd ~/MalwareClass && ls – $ cd ~/Updates && ls – $ virtualbox & On the victim VM – On Desktop, open MalwareClass directory Please see Notes for citation and check out the original works See notes for citation12

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.