Learn to Analyze Malware - (The Malware Analysis Project 101)

Captions
If you're somebody who wants to dabble or investigate into the world of malware analysis, in this project I'm going to be overviewing how to get started in malware analysis. In this project series we're going to be going over resources, as well as setting up our own isolated malware analysis lab, going through some CTFs, as well as analyzing some real-world malware samples using security tools, methodologies and techniques. So yeah, this is the Malware Analysis Project 101. It's trendy, I know, but let's go ahead and, well, overview what's going on.

For those of you who don't know what malware analysis is, or really the purpose behind it in cyber security: malware analysis basically comes down to understanding the behavior and purpose of malicious files, programs and executables. There's an assortment of reasons why one might want to dabble into the world of malware analysis. Maybe it's just general curiosity, but when it comes to the industry, malware analysis helps assist security practitioners in building indicators of compromise for their threat intelligence or threat analysis tools, triaging incidents or active incidents of what's happening in their environment, as well as maybe building out some threat detections and alerts, and providing additional context into the latest techniques and behaviors and evasion techniques happening in the real world. And just like cyber security, the world of malware is constantly evolving.

So in this project I assume a complete beginner's mindset into the world of malware analysis, investigation and analysis, and really the overall goal is to enhance one's comprehension and provide exposure into investigating malware in the real world, as well as malware infection techniques and popular tools used by security practitioners. Now there's a few sub-goals in this project, and that basically comes down to understanding the basics of malware infection techniques and indicators of compromise, learning the foundations of basic static and dynamic analysis, and then investigating real-world historical samples of malware with the help of written guides if necessary.

So let's go through the project. What are we going to be doing? Well, step one is the foundational training course for this project, which is Practical Malware Analysis by Matt Kiely on TCM Academy. Matt is an individual who has 10 years' experience. I actually just got done completing this course myself, and it took me roughly 22 hours to complete. He goes by HuskyHacks, and this course offers a great foundation and instructional, practical, hands-on, you know, analysis and investigation of the world of malware. Step two is going to be creating our own malware lab environment. I'm going to be showcasing how to do this both in VirtualBox as well as in AWS using EC2 and Terraform. Step three is going to be going through CTFs via Malware Unicorn. There's some really cool CTFs on Malware Unicorn that are hands-on and they're self-guided through the process. And then step four is going to be investigating live malware samples. This is where the malware analysis crash course is going to come into play. I'm going to be overviewing some typical tools as well as basic methodologies when it comes to malware investigation, as well as investigating a historical banking Trojan.

So for those of you who don't know much about malware analysis, there's really two different types of techniques, and it comes down to static and dynamic. Both of these methods or techniques are going to offer an assortment of information and telemetry with what's happening within malware. Now static really comes down to not requiring the code or the program to actually execute, and you're gathering static information such as the file hash, maybe looking at the header, file name, or even just looking at, you know, hard-coded strings and IP addresses, and you're just gathering some basic data. And then dynamic comes down to running the program or the code or executable in a safe sandbox, and you're examining what is happening to the malware when it is executed, so you're trying to understand the different types of behavior. And ultimately, when it comes to the world of malware analysis, you're going to combine both of these techniques to provide hybrid analysis, which is just a combination of both.

Now there are an assortment of tools, many, many different tools out there. Some are free, some are commercial, and ultimately in this course I'm going to be showing two basic tools. Number one is FLARE VM, which is a collection of software installation scripts, and it downloads a huge archive of malware analysis tools. And then we're going to be using REMnux, which is a free Linux distribution. One of many use cases for REMnux is to function as a C2 server, so that when malware goes out and reaches out to a host, it will simulate that server for that malware.

Now let's take a look at the topology. What are we going to be building in this course? So like I said, we're gonna have an isolated virtual machine environment, one running FLARE VM, the other with REMnux. So within our virtual machine, FLARE VM is going to exist, and this is where we're going to download and detonate the malware, and like I said, there's going to be the C2 host running in the background in an isolated environment, and that's going to be REMnux. And I'm going to be showing how to do this both in VirtualBox as well as AWS, using EC2 instances and Terraform to do infrastructure as code and to launch our lab environment very quickly and destroy it as well.

So looking at the project schedule, here is what's going to happen. We're going to have video one, which is what you're looking at today, and then video two and three are really going to be getting into the nitty-gritty. Video 2 is going to be overviewing how to build your own malware analysis lab, like I said, with VirtualBox and AWS, and then video 3 is going to be the ultimate crash course, where we are going to analyze a banking Trojan with our isolated malware analysis lab and some popular malware analysis tools, and we're going to be writing a small little malware report.

Now step one within this project series, if you're trying to follow along here, is going to be Practical Malware Analysis. Like I said, this is a huge inspiration, and a huge shout-out goes to Matt, not only for the practical malware topology lab, but just all the assortment of methodologies, behaviors and tools and techniques. So I highly recommend that you check out this course on TCM Academy. It's a very affordable course. There's a link in the description below.

Finally, some warnings and disclaimers. Number one is safety is key, so when you are detonating malware, especially on a very valuable laptop, you need to follow protocols and standards when it comes to downloading and then detonating these malware samples. Always follow the instructions within courses and follow common standards. And then some disclaimers. Number one, I take no responsibility or accountability for the infection of the software or programs, files, or corruption of anything. This is just a sample crash course here. Number two is that this project and this series of videos is for educational purposes only. I do not condone development or use of or spread of programs intentionally to harm assets or networks or humans or anything else. This is just a crash course, a series for educational purposes only.

I am excited to launch this project series. If you want more resources, go to the Malware Analysis Project 101 on cybercademy.org. Here you're going to find basically more information on this project, as well as resources. So we'll see you in the project series.
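The basic static analysis step described in the captions (file hash, header, hard-coded strings and IP addresses, all without executing the sample) can be done with nothing but the Python standard library. The script below is an added example written for this page; it is not code from the video, from the TCM course, or from FLARE VM/REMnux. The sample bytes it triages are a constructed, inert PE-shaped byte string (an MZ/DOS header, a 20-byte COFF file header and some fake data containing a URL in the TEST-NET-3 documentation range), not a real malware file; the function names (triage, parse_pe_header, strings, ipv4_addresses) are the example's own. To use it on a real sample, read the file inside the isolated lab VM, never on the host: the script only reads bytes and never executes anything.

```python
"""Static triage of a Windows PE sample without executing it: file hashes,
COFF header fields, printable strings and hard-coded IPv4 addresses.

Added example (editor's code, not from the video). Standard library only.
build_sample() returns a constructed, inert PE-shaped byte string, not real
malware; point triage() at a file read inside your isolated lab instead."""
import hashlib
import re
import struct
from typing import Dict, List

# Strict dotted-quad: each octet 0-255, word-bounded so "1.2.3.4567" is rejected.
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)
# IMAGE_FILE_MACHINE_* values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMNT", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000


def hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256: the identifiers you pivot on in VirusTotal or a TI feed."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe_header(data: bytes) -> Dict[str, object]:
    """Follow e_lfanew from the DOS header to the PE signature and decode the
    20-byte COFF file header. Raises ValueError for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    (machine, n_sections, timestamp, _symtab, _nsyms,
     opt_hdr_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": n_sections,
        "timestamp": timestamp,  # seconds since the Unix epoch; trivially forgeable by the author
        "optional_header_size": opt_hdr_size,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs plus UTF-16LE runs (Windows binaries hold many of the latter)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def ipv4_addresses(strs: List[str]) -> List[str]:
    """Unique IPv4 literals in order of first appearance."""
    seen: List[str] = []
    for s in strs:
        for ip in IPV4_RE.findall(s):
            if ip not in seen:
                seen.append(ip)
    return seen


def triage(data: bytes) -> Dict[str, object]:
    """One-shot static report; never executes the input."""
    report: Dict[str, object] = {"size": len(data), "hashes": hashes(data)}
    try:
        report["pe"] = parse_pe_header(data)
    except ValueError as exc:
        report["pe"] = None
        report["note"] = f"not a PE file: {exc}"
    strs = strings(data)
    report["strings"] = strs
    report["ipv4"] = ipv4_addresses(strs)
    return report


def build_sample() -> bytes:
    """Constructed PE-shaped bytes for the demo: DOS header, COFF header, fake data."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 3, 0x64A00000, 0, 0, 224, 0x0102)
    blob = (b"\x00" * 8
            + b"http://203.0.113.42/gate.php\x00\x00"  # 203.0.113.0/24 is TEST-NET-3 (documentation only)
            + "C:\\Users\\Public\\update.exe".encode("utf-16-le") + b"\x00\x00"
            + b"GetProcAddress\x00Vk\x00")
    return bytes(dos) + coff + blob


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Two things worth noting from the output. The header fields and strings come straight from bytes on disk, so anything a packer or string-encoding routine hides will not show up here; that gap is exactly why the captions say static and dynamic analysis get combined. And a single script or document dropped into triage() is reported as "not a PE file" rather than mis-parsed, so the report stays honest about what it could and could not read.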
Info
Channel: Grant Collins
Views: 19,124
Id: HTCtgp0S4Bs
Length: 8min 11sec (491 seconds)
Published: Thu Jul 13 2023