Overview
Malicious software, or malware, is typically delivered over a network and is designed to cause disruption to a computer, client, server, or network. Disruptions can include leaked private information, unauthorized access to information or systems, blocked user access, interference with security and privacy, or numerous other variations of attacking systems.
Malware analysis dissects malware to gather information about the malware functionality, how the system was compromised so that you can defend against future attacks.
Assembly is a low-level language that is used to communicate with the machine. Assembly programming is writing human-readable machine codes or machine instructions that are directly read by the computer. All high-level languages compiled programs like C or C++ can be broken down, analyzed, and understood using Assembly language with the help of a debugger. This process is known as reverse engineering. Understanding what an executable program does is easy if you have direct access to the source code. But if not, such as the case with malware, learning Assembly can be helpful.
In this course, through video demonstrations, hands-on reverse engineering, and capture-the-flag type activities, you will be introduced to the processes and methods for conducting malware analysis of different file types. You will analyze native executable files, and analyze popular files like PowerShell, JavaScripts, and Microsoft Office documents.
Then you will learn the fundamentals of Assembly language, basic Win32 Assembly programming concepts, and how Reverse Engineers use Assembly to analyze malware.
Syllabus
- Malware analysis overview and process
- In this module, you will learn about malware analysis and the process.
- Virtual Machine Setup
- In this module, you will be given guidance on how to create a testing VM in your own environment, which will provide a safe self-contained system in which to analyze sample files.
- Static and Dynamic analysis
- In this module, you will learn about and set up static and dynamic analysis
- Manual code reversing
- In this module, you will learn about and perform manual code reversing.
- Analyze PowerShell, JavaScript, and macro-enabled documents
- In this module, you will analyze several common sample types.
- Analyze ELF file format
- ELF is the default executable file format on Linux systems. In this module, you will learn how to set up REMnux and analyze an ELF file.
- Analyze ASPX Webshell and JAR files
- In this module, you will learn how to analyze webshells and JAR files.
- Introduction to Assembly Language
- Digital Badge
Taught by
IBM Security Learning Services