First, I would like to thank all the participants who remained motivated and interested for 3 hours and 30 minutes — well done!
This workshop focuses on several topics related to malware analysis, namely:
- Understanding what malware is and how it can be classified;
- Windows Internals 101 (ring 0 vs. ring 3, the SSDT, DKOM, the kernel's linked list of process objects (EPROCESS/ActiveProcessLinks), Win32 API vs. Native API, memory layout, etc.);
- PE file structure (sections, PE header, IAT, section entropy);
- Malware: Sandbox analysis vs manual analysis
- Malware protection 101: Packers, Crypters and Protectors
- 0X042 UPX Packer – How to Unpack UPX
- 0X043 Creating a Simple XOR Crypter (a section crypter)
- Understanding how a crypter can make a sample FUD (fully undetectable by signature-based AV)
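To tie the PE-structure and section-crypter topics together, here is an added example (my own code, not the workshop's 0X043 exercise). It builds a small PE32 image in memory (constructed, not a real binary: only the DOS header, PE signature, COFF header, optional-header size and section table are filled in, and file alignment is ignored), parses the section table using the real IMAGE_SECTION_HEADER layout, measures per-section Shannon entropy, and then applies a repeating-key XOR to the .text section the way a simple section crypter would. The decrypt stub and entry-point patching a real crypter needs are left out. The `suspicious_sections` triage rule (writable+executable sections, or entropy above a threshold) is my own heuristic, not something the workshop defines.

```python
"""Added example: PE section parsing, section entropy, and an XOR section
crypter. The sample PE is constructed in memory and is not a real binary."""
import math
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample_pe() -> bytes:
    """Constructed PE32 image: low-entropy .text stub plus a .data string."""
    text = (b"\x55\x8b\xec" + b"\x90" * 61) * 4          # push ebp; mov ebp,esp; nops
    data = b"constructed sample string\0".ljust(64, b"\0")
    sections = [
        (b".text", text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", data, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    e_lfanew, opt_size = 0x40, 0xE0                       # PE32 optional header size
    raw_base = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    hdrs, bodies, vaddr = b"", b"", 0x1000
    for name, body, chars in sections:
        hdrs += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), len(body), vaddr,
                            len(body), raw_base + len(bodies), 0, 0, 0, 0, chars)
        bodies += body
        vaddr += 0x1000
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)   # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")         # PE32 magic, rest zeroed
    return dos + b"PE\0\0" + coff + opt + hdrs + bodies


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name, _vs, _va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, pe, off)
        if raw_ptr + raw_size > len(pe):                       # truncated or malformed file
            raise ValueError(f"section {name!r} points past end of file")
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "header_offset": off, "raw_offset": raw_ptr,
                         "raw_size": raw_size, "characteristics": chars})
    return sections


def find_section(pe: bytes, name: str) -> dict:
    for s in parse_sections(pe):
        if s["name"] == name:
            return s
    raise KeyError(name)


def section_bytes(pe: bytes, name: str) -> bytes:
    s = find_section(pe, name)
    return pe[s["raw_offset"]:s["raw_offset"] + s["raw_size"]]


def xor_section(pe: bytes, name: str, key: bytes) -> bytes:
    """Section crypter: XOR one section's raw bytes with a repeating key and
    mark the section writable so an in-memory decrypt stub could restore it.
    XOR is symmetric, so applying it twice with the same key gives the plaintext back."""
    s = find_section(pe, name)
    out = bytearray(pe)
    for i in range(s["raw_size"]):
        out[s["raw_offset"] + i] ^= key[i % len(key)]
    struct.pack_into("<I", out, s["header_offset"] + 36,       # Characteristics field
                     s["characteristics"] | IMAGE_SCN_MEM_WRITE)
    return bytes(out)


def entropy_report(pe: bytes) -> dict:
    return {s["name"]: round(shannon_entropy(section_bytes(pe, s["name"])), 2)
            for s in parse_sections(pe)}


def suspicious_sections(pe: bytes, threshold: float = 7.0) -> list:
    """Triage heuristic (my own): executable sections that are also writable,
    or whose entropy looks packed/encrypted."""
    flagged = []
    for s in parse_sections(pe):
        c = s["characteristics"]
        wx = bool(c & IMAGE_SCN_MEM_EXECUTE) and bool(c & IMAGE_SCN_MEM_WRITE)
        if wx or shannon_entropy(section_bytes(pe, s["name"])) > threshold:
            flagged.append(s["name"])
    return flagged


if __name__ == "__main__":
    pe = build_sample_pe()
    one = xor_section(pe, ".text", b"\x5a")                     # 1-byte key
    many = xor_section(pe, ".text", bytes(range(0x41, 0x51)))   # 16-byte key
    for label, img in (("plain", pe), ("1-byte key", one), ("16-byte key", many)):
        print(f"{label:12}", entropy_report(img), suspicious_sections(img))
```

Two things worth noticing when you run it. A single-byte XOR key is a bijection on byte values, so it breaks byte-pattern signatures but leaves the section's entropy exactly where it was; only a longer key (or a real cipher) pushes entropy up, and even a 16-byte key over a repetitive stub stays far below the 7+ bits/byte that packed or encrypted sections typically show. The W+X flag the crypter has to set on the target section is often the cheaper tell, which is why the triage rule checks section characteristics as well as entropy.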
Image rights (c) InfoWeb – UBI
At the end of the workshop, it was intended that participants understand the following:
– Today, criminals use novel techniques (packers, crypters and protectors among them) to bypass AV detections
– Manual debugging is often required to unpack malware: laborious work, but necessary to reveal the original code
– Dissecting malware allows us to understand the criminals' modus operandi
– FUD malware, by definition, evades automated signature-based detection, so manual analysis is required to reveal what it does
Presentation slides are available below. Happy studying, and if you have any questions, get in touch with me.
Once again, thanks.
Pedro Tavares is an information security professional working as an Ethical Hacker/Pentester, Malware Researcher and Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.