
How to get started in Malware Analysis?


DreamDream


There are some DEF CON and other conference talks on malware and directing them. For the most part you'll want a machine you don't care about, possibly even virtualized, but malware is becoming increasingly smarter and often won't execute payloads and downloads if it detects it is running in a VM. Sandboxing is a must, and keeping good devices off the same network is always a smart move as well. If you want to know what they do, though, letting them run and monitoring both their traffic and the changes they make to the system are good starters, as well as using a debugger to search through it for strings such as passwords to sites it may dial home to or IRC channels. Most often this can be seen in a packet capture, but if it uses SSL or tunneling to bypass firewalls, the only way to see it is from memory or a debugger tool to hook into what it's doing.
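As an added example (not from the post or its author), a small Python starter for the string-search step described above: it pulls ASCII and UTF-16LE strings out of a sample the way `strings -el` does and flags URLs, IRC commands and credential-looking values for follow-up. The sample bytes, hostnames and regex labels are constructed for illustration.

```python
import re

# Constructed sample standing in for a dropped binary: header bytes, junk, and a mix of
# ASCII and UTF-16LE strings of the kind a beacon or IRC bot might embed.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\xff" * 7
    + b"http://example-c2.invalid/gate.php\x00"
    + b"NICK bot_\x00\x01\x02"
    + "irc.example.invalid".encode("utf-16le") + b"\x00\x00"
    + b"PASS hunter2\x00"
    + b"\x7f\x13ab"  # too short to count as a string
)

MIN_LEN = 5  # same default as the `strings` tool


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Return printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    # Wide strings are printable bytes each followed by a NUL byte.
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    found = [r.decode("ascii") for r in ascii_runs]
    found += [r.decode("utf-16le") for r in wide_runs]
    return found


# Patterns worth a second look during triage: call-home URLs, IRC protocol
# commands or server names, and embedded credentials.
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://[\w.-]+(?:/\S*)?"),
    "irc": re.compile(r"^(?:NICK|JOIN|PRIVMSG|USER)\b|\birc\.[\w.-]+", re.I),
    "credential": re.compile(r"^(?:PASS|pass(?:word)?)[\s=:]", re.I),
}


def classify(strings) -> dict:
    """Group extracted strings by the indicator pattern they match."""
    hits = {}
    for s in strings:
        for label, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(s):
                hits.setdefault(label, []).append(s)
    return hits


if __name__ == "__main__":
    for label, values in classify(extract_strings(SAMPLE)).items():
        print(label, values)
```

Run the same extractor over a process memory dump rather than the file on disk and it also recovers strings that were packed or encrypted in the binary, which is the point the post makes about looking at memory when the traffic itself is encrypted.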



Thank you very much, digip!!

I got some help from other forums as well!!

I'm just putting it here in case anyone else needs it too!!

http://www.bleepingcomputer.com/forums/t/578951/how-to-get-started-as-a-malware-analyst/
