Introduction to Malware Analysis

TStillz
10 min read · Nov 19, 2018

Why malware analysis

Malware analysis (“MA”) is a fun and exciting journey for anyone new or seasoned in the career field. Taking a specimen (malware sample) and reverse engineering it to better understand its inner workings can be a long, tedious adventure. The sheer number of malware samples circulating the internet, in addition to the various formats specimens are found in, makes malware analysis a good challenge. Outside of learning MA as a hobby, here are some other reasons why we perform malware analysis:

  • To better understand how a specimen works. This may yield certain unique attributes about how the malware was written, methods it performs or its dependencies.
  • To collect intelligence and build Indicators of Compromise (“IOCs”), usually comprised of Host Based Indicators (“HBIs”) and/or Network Based Indicators (“NBIs”).
  • For general knowledge or research purposes.

How do I get started?!

If you’re new to malware analysis, you want to ensure you’ve taken the right precautions before handling any malicious code. This series of posts will cover the following objectives:

  • Gather additional readings and resources that helped me get started.
  • Stay current on malware trends and the threat landscape.
  • Understand operational security and why it’s important.
  • Build your local malware lab.


Written by TStillz

Posting on various topics including incident response, malware analysis, development and finance/investing automation.