A workshop titled Strategies for Developing FUD Malware was conducted during Infoweb days at UBI on March 21st, 2019.

First, I would like to thank all the participants who remained motivated and interested for 3.30 hours — well done!

This workshop focused on several topics related to malware analysis, namely:

  • Understanding what malware is and how it can be classified;
  • Windows Internals 101 (ring0, ring3, SSDT, DKOM, the Windows process management linked list, Win API, Native API, memory, etc.);
  • PE File Structure (sections, PE header, IAT, entropy);
  • Malware: sandbox analysis vs manual analysis;
  • Malware protection 101: packers, crypters and protectors;
  • 0X042 UPX Packer – How to Unpack UPX;
  • 0X043 Creating a Simple XOR Crypter (a section crypter);
  • Understanding how a crypter can be FUD.
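The PE structure and packer topics above come together in one classic triage check: a packed or encrypted section carries near-random bytes, so its Shannon entropy sits close to 8 bits per byte, while ordinary compiled code sits well below that. The following is an added example for readers, not material from the workshop slides: a minimal PE section-table walk (just the DOS header, PE signature, COFF header and section headers) plus the entropy heuristic, run against a constructed in-memory image whose two sections are a low-entropy `.text` and a high-entropy `UPX1`. The `build_sample_image` helper and the 7.0 threshold are assumptions chosen for the demonstration; real analysis would use a full PE parser.

```python
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each section of a PE image.

    Hypothetical minimal parser: it reads only the fields needed to reach
    the section table, so it is enough for the entropy check and nothing more.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)        # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                       # COFF file header (20 bytes)
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    size_opt, = struct.unpack_from("<H", image, coff + 16)    # SizeOfOptionalHeader
    sec_table = coff + 20 + size_opt
    for i in range(num_sections):
        off = sec_table + 40 * i                              # each section header is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, image[raw_ptr:raw_ptr + raw_size]


def packed_sections(image: bytes, threshold: float = 7.0):
    """Return (name, entropy) for sections whose entropy suggests packing/encryption."""
    flagged = []
    for name, data in pe_sections(image):
        h = round(shannon_entropy(data), 2)
        if h >= threshold:
            flagged.append((name, h))
    return flagged


def _section_header(name: bytes, vaddr: int, raw_ptr: int, raw_size: int) -> bytes:
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, relocs/linenumbers (unused here), Characteristics.
    return struct.pack("<8sIIIIIIHHI", name, raw_size, vaddr, raw_size, raw_ptr,
                       0, 0, 0, 0, 0x60000020)


def build_sample_image() -> bytes:
    """Constructed sample (not a real binary): a bare PE with two sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew -> PE signature at 0x40
    # COFF header: Machine=i386, 2 sections, no optional header (kept minimal on purpose).
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    headers_end = 64 + 4 + 20 + 40 * 2                        # = 168, first section's raw data
    text_data = b"\x90" * 128 + b"\xC3" * 128                  # two byte values -> entropy 1.0
    packed_data = bytes(range(256))                           # every byte value once -> entropy 8.0
    hdr_text = _section_header(b".text", 0x1000, headers_end, len(text_data))
    hdr_upx = _section_header(b"UPX1", 0x2000, headers_end + len(text_data), len(packed_data))
    return bytes(dos) + b"PE\0\0" + coff + hdr_text + hdr_upx + text_data + packed_data


if __name__ == "__main__":
    for name, h in packed_sections(build_sample_image()):
        print(f"section {name!r} looks packed/encrypted: entropy {h} bits/byte")
```

Entropy alone is a heuristic, not proof: compressed resources and legitimate installers also score high, and a crypter can pad its payload to lower the score, which is why the workshop's later steps (unpacking and manual analysis) still matter.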

Image rights (c) InfoWeb – UBI

At the end of the workshop, it was intended that participants understand the following:

– Today, criminals are using novel techniques to bypass AV detections
– Manual debugging must be used to unpack malware (hard work that is needed to reveal the original malware code)
– Dissecting malware allows us to understand criminals’ modus operandi
– Manual analysis is always required to reveal FUD malware

Presentation slides are available below. Happy studying, and if you have any doubts, please get in touch with me.

Once again, thanks.
