PaulDotCom mailing list archives
Want to get into malware analysis
From: dphull at trustedsignal.com (Dave Hull)
Date: Fri, 23 Jan 2009 17:27:26 -0600
2009/1/23 matt donovan <kitchetech at gmail.com>:
> I am already planning to buy Applied Cryptography, 2nd Edition to learn about some Cryptography.
Great book, but I don't know how helpful it will be for learning about malware. You may be better served with a book on assembly and reverse engineering.

There are two common approaches to studying malware: behavioral analysis and reverse engineering. Behavioral analysis involves creating a controlled, air-gapped environment to run your samples in with appropriate monitoring systems installed (network and process sniffers). As you learn more about the code and how it behaves, you'll modify the environment it runs in. For example, if it tries to connect to some server via HTTP or IRC, you can set up that service and add an entry to a hosts file to point to your new service. Fire up the malware again and see what it does when it connects to those services...

Behavioral analysis is only going to get you so far. Eventually you'll want to disassemble the code to find out what it's really capable of; this is where things get more complicated, for me at least. I know the basics and have studied this a little, but unfortunately I'm no master of assembly (yet), which I believe is a requirement for hardcore reversing. Others may not agree.

Good luck, I think it's a really interesting field and wish I had more time for it... and all the other things I find interesting.

--
Dave
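The hosts-file redirection described in the message above, as an added example that is not part of the original post: a small HTTP sink for an isolated lab that records whatever a sample sends once its domain resolves to the analysis box. The domain c2.example.test, the request paths and the helper names are all constructed for illustration; in a real lab the sink would bind to the lab interface on the port the sample expects.

```python
import http.client
import http.server
import threading

def hosts_entries(domains, sink_ip="127.0.0.1"):
    """Hosts-file lines pointing the domains a sample asks for at the sink."""
    return [f"{sink_ip}\t{d.strip().lower()}" for d in domains if d.strip()]

class SinkHandler(http.server.BaseHTTPRequestHandler):
    """Record each request, then answer with a bland 200."""
    def _record(self):
        length = int(self.headers.get("Content-Length") or 0)
        self.server.captured.append({
            "method": self.command,
            "host": self.headers.get("Host", ""),
            "path": self.path,
            "user_agent": self.headers.get("User-Agent", ""),
            "body": self.rfile.read(length) if length else b"",
        })
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"OK")
    do_GET = do_POST = _record
    def log_message(self, *args):  # silence default stderr logging
        pass

def start_sink(bind="127.0.0.1", port=0):
    """Start the sink in a background thread (port 0 = any free port)."""
    srv = http.server.ThreadingHTTPServer((bind, port), SinkHandler)
    srv.captured = []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def send_constructed_request(srv, host, path, body=None):
    """Constructed stand-in for a sample's traffic, so the demo runs offline."""
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    conn.request("POST" if body else "GET", path, body=body,
                 headers={"Host": host, "User-Agent": "constructed-sample/1.0"})
    status = conn.getresponse().status
    conn.close()
    return status

if __name__ == "__main__":
    sink = start_sink()
    print("\n".join(hosts_entries(["c2.example.test"])))
    send_constructed_request(sink, "c2.example.test", "/checkin?id=1")
    print(sink.captured)
    sink.shutdown()
```

The captured Host, path, User-Agent and body fields are the observations that tell you which service to emulate next.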