Introduction to Malware Analysis

TStillz
10 min read · Nov 19, 2018

Why malware analysis

Malware analysis (“MA”) is a fun and exciting journey for anyone new or seasoned in the career field. Taking a specimen (malware sample) and reverse engineering it to better understand its inner workings can be a long, tedious adventure. The sheer number of malware samples circulating the internet, in addition to the various formats specimens are found in, makes malware analysis a good challenge. Outside of learning MA as a hobby, here are some other reasons why we perform malware analysis:

  • To better understand how a specimen works. This may yield certain unique attributes about how the malware was written, methods it performs or its dependencies.
  • To collect intelligence and build Indicators of Compromise (“IOCs”), usually comprised of Host Based Indicators (“HBIs”) and/or Network Based Indicators (“NBIs”).
  • For general knowledge or research purposes.

How do I get started?!

If you’re new to malware analysis, you want to ensure you’ve taken the right precautions before handling any malicious code. This series of posts will cover the following objectives:

  • Gather additional readings and resources that helped me get started.
  • Stay current on malware trends and the threat landscape.
  • Understand operational security and why it’s important.
  • Build your local malware lab.
  • Build your malware analysis sandbox (Cuckoo).
  • Review basic malware analysis techniques.
  • Get hands on with some malware samples and tools commonly used by malware analysts.
  • Learn how to write a findings report based on your analysis.
  • Learn how to extract threat intelligence from your analysis.
  • Learn to be patient! No one learned this all in one night. Take your time and have fun! If you get frustrated, get up, go for a walk and install some java (coffee). Some of the most complex problems have been solved by walking away from the problem.

Resources to get you started

Books

Written by TStillz

Posting on various topics including incident response, malware analysis, development and finance/investing automation.