    Introduction to Malware Analysis

    Understanding Basic Terminology in Malware Analysis

    Software that is intentionally hostile, intrusive, or damaging to a computer or network.

    In the field of malware analysis, understanding the terminology is crucial. This unit will introduce you to key terms and concepts that will be used throughout the course.

    Malware, Exploits, and Vulnerabilities

    Firstly, it's important to distinguish between malware, exploits, and vulnerabilities.

    • Malware: This is a general term for any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can be a virus, worm, trojan, ransomware, spyware, adware, etc.

    • Exploit: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior in computer software, hardware, or other (usually computerized) electronic devices.

    • Vulnerability: A vulnerability refers to a weakness in a system that can be exploited by a threat actor, such as a hacker, to perform unauthorized actions within a computer system.

    Key Terms in Malware Analysis

    Here are some of the key terms you will come across in malware analysis:

    • Payload: This refers to the part of the malware that performs the malicious action (e.g., deleting files, encrypting data, etc.).

    • Exploit: As mentioned above, an exploit is a piece of software that takes advantage of a vulnerability or bug in a system.

    • Backdoor: A backdoor in a computer system, cryptosystem, or algorithm is any secret method of bypassing normal authentication or security controls.

    • Botnet: A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, and send spam, and they allow the attacker to access each device and its network connection.

    The Malware Life Cycle

    Understanding the malware life cycle is also crucial in malware analysis. The life cycle of malware describes its lifespan from creation, through propagation and execution, to its eventual removal from the host system. The stages of the malware life cycle include:

    1. Design: The malware is created with a specific purpose in mind, such as data theft, system damage, or disruption of services.

    2. Propagation: The malware is distributed to potential victims. This can be done through various methods, including email attachments, malicious websites, or software downloads.

    3. Execution: The malware is activated on the victim's system, either automatically or through some action taken by the user, such as opening a file or clicking a link.

    4. Infection: The malware carries out its intended function. This could involve damaging system files, stealing data, or taking control of the system.

    5. Discovery and Analysis: The malware is detected and analyzed to understand its functionality and purpose.

    6. Removal: Steps are taken to remove the malware from the infected system and to prevent future infections.

    By understanding these terms and concepts, you will be better equipped to delve deeper into the world of malware analysis.
