First, I would like to thank all the participants who stayed motivated and interested for the full 3.30 hours — well done!
This workshop focuses on several topics related to malware analysis, namely:
- Understanding what malware is and how it can be classified;
- Windows Internals 101 (ring 0, ring 3, SSDT, DKOM, the Windows process-management linked list, Win API, Native API, memory, etc.);
- PE File Structure (sections, PE header, IAT, entropy);
- Malware: sandbox analysis vs. manual analysis;
- Malware protection 101: packers, crypters and protectors;
- 0X042 UPX Packer – how to unpack UPX;
- 0X043 Creating a simple XOR crypter (a section crypter);
- Understanding how a crypter can be FUD.
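As an added example (not from the workshop slides), here is the entropy heuristic that ties the PE section topic to the packer topic: a minimal walker over the PE section table that computes Shannon entropy per section and flags sections close to 8 bits per byte, which is how analysts and AV engines first suspect a packed or encrypted payload. The in-memory PE32 image, the section names and the 7.0-bit threshold are constructed assumptions for offline use.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) per section: MZ header -> e_lfanew -> PE signature -> COFF -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size                     # section table follows the optional header
    for i in range(nsections):
        hdr = table + i * 40                         # IMAGE_SECTION_HEADER is 40 bytes
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)   # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packed_section_report(image: bytes, threshold: float = 7.0):
    """[(name, entropy, suspicious)]; entropy near 8 bits suggests compressed or encrypted content."""
    entropies = [(name, shannon_entropy(data)) for name, data in pe_sections(image)]
    return [(name, round(h, 2), h >= threshold) for name, h in entropies]

def build_sample_pe(sections):
    """Construct a minimal, non-runnable PE32 image (hypothetical sample input, not a real binary)."""
    opt_size = 224                                   # PE32 optional header size
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40 * len(sections)   # raw data starts after all headers
    img = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", img, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    img += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    body = bytearray()
    for name, data in sections:
        img += name.encode().ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), raw_ptr) + b"\0" * 16
        raw_ptr += len(data)
        body += data
    return bytes(img + body)

# Constructed sample: a plain code-like section next to a stand-in for a UPX-packed section.
SAMPLE_PE = build_sample_pe([
    (".text", b"\x55\x8b\xec" * 1000 + b"\xc3" * 1000),   # four byte values, 1000 each -> 2.0 bits
    ("UPX1", bytes(range(256)) * 16),                     # every byte equally likely -> 8.0 bits
])
```

A real packed sample also shows the IAT collapse mentioned above (a handful of imports such as LoadLibrary/GetProcAddress), so entropy is a first-pass signal to combine with import and section-name checks, not a verdict on its own.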
Image rights (c) InfoWeb – UBI
By the end of the workshop, participants were expected to understand the following:
- Today, criminals are using novel techniques to bypass AV detection;
- Manual debugging must be used to unpack malware (hard work that is needed to reveal the original malware code);
- Dissecting malware allows us to understand criminals’ modus operandi;
- Manual analysis is always required to reveal FUD malware.
The presentation slides are available below. Happy studying, and if you have any doubts, please contact me.
Once again, thanks.