DreamDream (posted June 20, 2015):

Hi everyone!! Does anyone have any tips and advice on how to get started in this area? Where can I learn more? Thank you very much!!
digip (posted June 20, 2015):

There are some DEFCON and other conference talks on malware and directing them. For the most part you'll want a machine you don't care about, possibly even virtualized, but malware is becoming increasingly smarter and often won't execute payloads and downloads if it detects it is running in a VM. Sandboxing is a must, and keeping good devices off the same network is always a smart move as well.

If you want to know what they do, though, letting them run and monitoring both their traffic and the changes they make to the system are good starters, as well as using a debugger to search through it for strings such as passwords to sites it may dial home to or IRC channels. Most often this can be seen in a packet capture, but if it uses SSL or tunneling to bypass firewalls, the only way to see it is from memory or a debugger tool to hook into what it's doing.
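As an added example (not code from either poster), here is a small static string-triage script in the spirit of the "search it for strings" step above: it pulls printable runs out of a sample the way `strings` or a debugger's memory view would and buckets them into the network indicators worth pivoting on (dial-home URLs and hosts, IPs, IRC commands and channels). The sample bytes, the TLD list and the IRC command set are constructed assumptions, not data from any real sample.

```python
import re

# Constructed sample bytes standing in for a suspicious binary's contents.
# Not real malware: just embedded text of the kind a `strings` pass or a
# debugger's memory view surfaces (C2 host, IRC commands, channel, IP).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"\x00\x01irc.example-c2.net\x00\x00NICK bot1337\x00JOIN #botnet-ops\x00"
    b"http://update.example-c2.net/gate.php\x00\x7f\x01\x02"
    b"\x00203.0.113.42\x00\x05\x06USER bot 8 * :bot\x00"
)

URL_RE = re.compile(r"https?://[^\s\x00\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Heuristic TLD list (assumption); widen it for the sample under analysis.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz|ru|cn|io)\b", re.I)
# A few common IRC client commands; a bot's strings often carry them verbatim.
IRC_CMD_RE = re.compile(r"^(?:NICK|USER|JOIN|PRIVMSG|PASS) ")
IRC_CHAN_RE = re.compile(r"#[A-Za-z0-9_-]{2,}")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in run.finditer(data)]


def find_indicators(data: bytes) -> dict[str, list[str]]:
    """Bucket extracted strings into network indicators an analyst can pivot on."""
    found: dict[str, list[str]] = {
        "url": [], "hostname": [], "ipv4": [], "irc_command": [], "irc_channel": []
    }
    for s in extract_strings(data):
        urls = URL_RE.findall(s)
        if urls:
            found["url"].extend(urls)
        else:  # only count bare hostnames that are not already part of a URL
            found["hostname"].extend(HOST_RE.findall(s))
        for ip in IPV4_RE.findall(s):
            if all(int(o) <= 255 for o in ip.split(".")):  # drop 999.1.2.3 noise
                found["ipv4"].append(ip)
        if IRC_CMD_RE.match(s):
            found["irc_command"].append(s)
        found["irc_channel"].extend(IRC_CHAN_RE.findall(s))
    return found


if __name__ == "__main__":
    for kind, values in find_indicators(SAMPLE).items():
        print(f"{kind:12s} {values}")
```

Run it against the raw bytes of a sample (or a memory dump taken while it runs, which is where packed or SSL-using samples give up their strings) and feed the hits into your packet-capture filters.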
DreamDream (author, posted June 20, 2015):

(quoting digip's reply above)

Thank you very much, digip!! I got some help from other forums as well!! Just putting it here in case anyone else needs it too!!

http://www.bleepingcomputer.com/forums/t/578951/how-to-get-started-as-a-malware-analyst/