Overview
Syllabus
How-To: Making a Protected VBA Project Viewable with EvilClippy.
Extracting ZIP files from PCAP with Wireshark & NetworkMiner, plus analysis with CyberChef.
How-To: Installing Oledump in Windows.
Creating an IDA Python Plugin for Static XOR String Deobfuscation.
[11/10/2020] Emotet Maldoc Analysis - Embedded DLL and CertUtil for Base64 Decoding.
Using Ghidra to Statically XOR Obfuscated Shellcode.
Webinar - Installing and Configuring Suricata with Cuckoo Sandbox (04/02/2020).
Setting Up Cuckoo Sandbox v2.0.7 on Ubuntu 18.04.4 - Part 2.
Setting up Cuckoo Sandbox v2.0.7 on Ubuntu 18.04.4 - Part 1.
Unpacking a Trojan with Ghidra and x64dbg.
Getting Started with Ghidra: Analyzing Process Hollowing Shellcode from a Maldoc.
Unpacking Malware that uses AutoIt.
Using Visual Studio to Debug JavaScript via Windows Script Host (WSH).
Excel document uses external data connection for next stage payload.
Finding Macro Content in a Spreadsheet Cell.
Analyzing Macros with the Office IDE.
Macro analysis on an Emotet dropper (office document) from 01/17/2020.
Taught by
Josh Stroschein