PaulDotCom mailing list archives
Re: Reverse engineering or Malware analysis.
From: Scott Runnels <srunnels () gmail com>
Date: Thu, 25 Apr 2013 11:25:21 -0400
Hi Jason,

This is something I saved from a recent reddit thread. Unfortunately I've since lost the link to the discussion, but here's the text.

I've taught myself everything I need to know to do decent static analysis. I'm still a beginner, but learn more every day. I'm a networking student, i.e. no programming other than high-level scripting, no low-level understanding of operating systems, no understanding of encoding, and no understanding of advanced maths. My starting level was literally 0. I'll tell you exactly what my path of learning was.

1) Buy the Practical Malware Analysis book.
2) Read the first few chapters (basic static and dynamic analysis).
3) Get to the "A crash course in assembly" chapter. In my case I couldn't even understand a single x86 instruction. This chapter is a crash course, so this was not clear enough for a beginner like me. I spent a few weeks reading many websites for x86 guides. The amazing thing I discovered was that assembly is terribly easy to understand. The main problem is that all sources I found were boring or over-complicating things (maybe because of my lack of low-level understanding..).
4) At this point I was able to read assembly. I found an amazing video series: http://www.youtube.com/watch?v=wqGepeYntFo. This video series taught me how to recognize high-level programming structures in assembly (this obviously makes malware analysis a lot easier). After you fully understand the bomb.exe exercises from the video series (now I think about it, I may have only done day 1 of the series), you are at a competent level for reverse engineering.
5) Continue reading the book. You will learn more about the disassembler (IDA Pro) and debuggers (OllyDbg and WinDbg).
6) To practice debugging, I spent a few weeks doing "crackmes". These are little cracking challenges. Try not to use IDA Pro at all for these.
7) At the moment I'm creating programs in C++ using the Windows API, and at the same time learning more about cryptography (by creating decoders in C++ and assembly).

Of course your path will be different, but I hope this step-by-step guide will give you a general idea.
Hope this helps,
Scott

Scott Runnels

On Thu, Apr 25, 2013 at 6:43 AM, Jason Long <hack3rcon () yahoo com> wrote:

Hello Folks.

Can you offer me some information about malware analysis? How can I do it? Can you show me a book in this field?

Cheers.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
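As an added illustration of the "basic static analysis" step the guide above starts with (example code added here, not from the original post or from the Practical Malware Analysis book): a small Python script that pulls printable strings out of a sample buffer the way the Unix strings tool does, then brute-forces single-byte XOR keys to surface a string the sample hides. The buffer, the key 0x5A and the hidden URL are all constructed for the example; a real sample is read from disk with open(path, "rb").read().

```python
import re
import string

# --- Constructed sample, standing in for a file read from disk ---------------
# A fake MZ header, an imported DLL name in the clear, and a URL obfuscated
# with a single-byte XOR key. The \x80/\x81 bytes are separators that stay
# non-printable whether or not they are XORed with 0x5A.
XOR_KEY = 0x5A                                   # constructed key
HIDDEN = b"http://example.invalid/update"        # constructed hidden string
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x80\x80"
    + b"kernel32.dll" + b"\x80\x81"
    + bytes(b ^ XOR_KEY for b in HIDDEN)
    + b"\x80\xff"
)

# Characters that make a decoded run look like text rather than random bytes.
TEXT_CHARS = set(string.ascii_letters + string.digits + " ./:\\-_")


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Like `strings`: return every run of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one key; XOR is its own inverse, so this also decodes."""
    return bytes(b ^ key for b in data)


def looks_like_text(s: str, threshold: float = 0.8) -> bool:
    """Heuristic filter: most characters should be letters, digits or URL/path punctuation."""
    return sum(c in TEXT_CHARS for c in s) / len(s) >= threshold


def brute_force_xor_keys(data: bytes, min_len: int = 8) -> dict:
    """Try every single-byte key and report strings that appear only after decoding.

    Returns {key: [revealed strings]} for keys that reveal at least one
    text-like string not already visible in the raw sample.
    """
    baseline = set(extract_strings(data, min_len))
    hits = {}
    for key in range(1, 256):
        revealed = [
            s for s in extract_strings(xor_single_byte(data, key), min_len)
            if s not in baseline and looks_like_text(s)
        ]
        if revealed:
            hits[key] = revealed
    return hits


if __name__ == "__main__":
    print("Strings visible in the raw sample:")
    for s in extract_strings(SAMPLE_BINARY):
        print("  ", s)
    print("Candidate single-byte XOR keys and what they reveal:")
    for key, found in sorted(brute_force_xor_keys(SAMPLE_BINARY).items()):
        print("   key 0x%02x: %s" % (key, found))
```

The baseline comparison matters: XORing a whole file with a wrong key still turns some bytes into printable runs, so the script only reports runs that were not already visible and that pass the text-likeness filter. Candidates still need an analyst's eye; the point of the exercise is to see how a string that strings alone misses can be recovered with a few lines of code.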