PaulDotCom mailing list archives

Re: Reverse engineering or Malware analysis.


From: Scott Runnels <srunnels () gmail com>
Date: Thu, 25 Apr 2013 11:25:21 -0400

Hi Jason,

This is something I saved from a recent reddit thread - unfortunately I've
since lost the link on the discussion but here's the text.



I've taught myself everything I need to know to do decent static analysis.
I'm still a beginner, but learn more every day.
I'm a networking student, i.e. no programming other than high-level
scripting, no low-level understanding of operating systems, no
understanding of encoding, and no understanding of advanced maths.
My starting level was literally 0.
I'll tell you exactly what my path of learning was.
1) Buy the Practical Malware Analysis book.
2) Read the first few chapters (basic static and dynamic analysis).
3) Get to the "A crash course in assembly" chapter. In my case I couldn't
even understand a single x86 instruction. This chapter is a crash course,
so this was not clear enough for a beginner like me. I spent a few weeks
reading many websites for x86 guides. The amazing thing I discovered was
that assembly is terribly easy to understand. The main problem is that all
sources I found were boring or over-complicating things (maybe because of my
lack of low-level understanding..).
4) At this point I was able to read assembly. I found an amazing video
series: http://www.youtube.com/watch?v=wqGepeYntFo. This video series
taught me how to recognize high-level programming structures in
assembly (this obviously makes malware analysis a lot easier).
After you fully understand the bomb.exe exercises (now that I think about it, I
may have only done day 1 of the series) from the video series, you are at a
competent level for reverse engineering.
5) Continue reading the book. You will learn more about the
disassembler (IDA Pro) and debuggers (OllyDbg and WinDbg).
6) To practice debugging, I spent a few weeks doing "crackmes". These are
little cracking challenges. Try not to use IDA Pro at all for these.
7) At the moment I'm creating programs in C++ using the Windows API. And
at the same time learning more about cryptography (by creating decoders in
C++ and assembly).
Of course your path will be different, but I hope this step-by-step guide
will give you a general idea.


Hope this helps,
Scott

Scott Runnels
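As an added example (not from the original thread or from the reddit post quoted above), here is the kind of decoder that step 7 describes. Single-byte XOR is the most common string obfuscation a beginner meets when pulling apart a sample, and the usual first exercise is to recover the key without being told it. The program below tries all 256 keys and scores each candidate plaintext against approximate English letter frequencies, which separates the true key from the near misses (keys that differ in one low bit still yield all-printable but wrong text, so a plain "count printable bytes" check ties). The encoded buffer is constructed here by XOR-ing a made-up string with the key 0x5A; the string, the key and the function names are assumptions for the illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// XOR every byte of `data` with the single-byte `key`.
// Encoding and decoding are the same operation.
std::vector<uint8_t> xor_bytes(const std::vector<uint8_t>& data, uint8_t key) {
    std::vector<uint8_t> out(data.size());
    for (size_t i = 0; i < data.size(); ++i) out[i] = data[i] ^ key;
    return out;
}

// Score how much a decoded buffer looks like English/ASCII text.
// Letters earn their approximate English frequency (percent), spaces earn
// the most, other printable bytes earn a little, and non-printable bytes
// are penalised heavily so control-character garbage never wins.
double text_score(const std::vector<uint8_t>& buf) {
    static const double kFreq[26] = {
        8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
        6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07};
    double score = 0.0;
    for (uint8_t b : buf) {
        if (std::isalpha(b))       score += kFreq[std::tolower(b) - 'a'];
        else if (b == ' ')         score += 13.0;
        else if (std::isprint(b) || b == '\t' || b == '\n' || b == '\r') score += 0.5;
        else                       score -= 10.0;
    }
    return score;
}

struct XorGuess {
    uint8_t key;
    double score;
    std::string text;
};

// Try all 256 single-byte keys and return the best-scoring candidate.
XorGuess brute_force_xor(const std::vector<uint8_t>& data) {
    XorGuess best{0, -1e9, ""};
    for (int k = 0; k < 256; ++k) {
        std::vector<uint8_t> dec = xor_bytes(data, static_cast<uint8_t>(k));
        double s = text_score(dec);
        if (s > best.score) {
            best = XorGuess{static_cast<uint8_t>(k), s, std::string(dec.begin(), dec.end())};
        }
    }
    return best;
}

// Constructed sample (not taken from any real malware): a plausible
// download URL hidden with the hypothetical key 0x5A.
std::vector<uint8_t> make_sample() {
    const std::string plain = "http://example.com/update.dll";
    return xor_bytes(std::vector<uint8_t>(plain.begin(), plain.end()), 0x5A);
}

int main() {
    XorGuess g = brute_force_xor(make_sample());
    std::printf("key=0x%02X score=%.1f text=%s\n", g.key, g.score, g.text.c_str());
    return 0;
}
```

The frequency heuristic is only a ranking: on very short buffers, or on non-English data such as a packed blob, the top score can still be wrong, so check the decoded text by eye (and, in a real sample, cross-reference it against the code that consumes the string) before trusting the key.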



On Thu, Apr 25, 2013 at 6:43 AM, Jason Long <hack3rcon () yahoo com> wrote:

Hello Folks.
Can you offer me some information about Malware analysis? How can I do it?
Can you show me a book in this field?

Cheers.


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
