Malware Analysis Fundamentals

Write-up from Tyler Hudak's Malware Analysis Fundamentals on Pluralsight

Posted by Carl Gaspar on Wed, Sep 6, 2023

This blog is inspired by the Certified Blue Team Level 2 Certification that covers 4 domains:

  • Malware Analysis
  • Threat Hunting
  • Advanced SIEM
  • Vulnerability Management

The Malware Analysis Process

Obtain the malware > (Static Analysis <> Dynamic Analysis) > Reporting

Static Analysis - Analyzing the malware without executing it (file structure, strings, headers, imports)

Dynamic Analysis - Analyzing the behavior of the malware by executing it in a controlled environment

Focus Your Analysis

  1. Is the file malicious?
  2. How does the malware modify the system?
  3. Who does the malware contact and why?
  4. How can the malware be detected or removed?

Packers

  • Compress or encrypt executables.
  • Obfuscate program internals.
  • May contain anti-analysis features.
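As an added example (not from the course or the original post), here is a small static-analysis triage script that flags sections of a Windows executable whose byte entropy suggests they are compressed or encrypted, which is one of the quickest ways to spot a packed sample without running it. It walks the PE section table itself (no third-party library), the 7.0 bits/byte threshold is a common heuristic assumed here rather than a rule, and the sample PE is constructed inline so the script runs offline.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(pe: bytes):
    """Walk the PE section table by hand and yield (name, raw_bytes) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header follows "PE\0\0"
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    for i in range(num_sections):
        hdr = table + 40 * i                 # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]

def triage(pe: bytes, threshold: float = 7.0):
    """Return (name, entropy, suspicious) per section. The 7.0 threshold is an assumed
    heuristic: plain code rarely exceeds ~6.5, compressed/encrypted data nears 8.0."""
    out = []
    for name, data in pe_sections(pe):
        h = shannon_entropy(data)
        out.append((name, round(h, 2), h >= threshold))
    return out

def build_fake_pe(sections):
    """Constructed minimal PE for testing: MZ stub, PE signature, COFF header, sections."""
    hdr_len = 0x40 + 4 + 20 + 40 * len(sections)
    table, blobs, ptr = b"", b"", hdr_len
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), 0, len(data), ptr) + b"\0" * 16
        blobs += data
        ptr += len(data)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    return b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + table + blobs

# Constructed sample: a repetitive ".text" beside a high-entropy section named like UPX's.
SAMPLE = build_fake_pe([(b".text", b"\x90\x00" * 512), (b"UPX1", bytes(range(256)) * 4)])
```

Run `triage(open(path, "rb").read())` on a real file to see its per-section scores. High entropy also appears in legitimate compressed resources or embedded certificates, so a flagged section is a reason to look closer, not proof of packing.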

Hiding Your Virtual Machine

  • Make the VM look as real as possible
  • Install common end-user software
  • Open multiple files and documents
  • Don’t install VM guest tools
  • Trick the malware into thinking it is online

VM Installation Checklist

  • Install the OS and patches
  • Install and run your analysis tools
  • Set up host-only networking
  • Additional maintenance tasks
  • Snapshot!

Incomplete

Account expired, need to upgrade.

References

Certified Blue Team Level 2

Malware Analysis Fundamentals by Tyler Hudak on Pluralsight