This course introduces the concept of malware, how it functions, its types, and how it is extensively used in Advanced Persistent Threat (APT) attacks to siphon critical business information from an organization on a regular basis. We start with the concepts of Process Explorer, disassembling versus debugging, and advanced debugging features. We also set breakpoints to break an application down, dissecting it to the level where the malware code is present.
A practice malware lab is then set up, consisting of virtual machines and a sandbox environment. We use REMnux, honeypots and online analysis services to track the movement of the malware across the virtual network, and we perform malware analysis based on activity monitoring. We then delve deep into the techniques used for malware analysis, such as process dumping, live analysis, analyzing antivirus evasion and so on. Finally, we take a look at advanced malware methodologies, which enable us to capture memory dumps, examine infected PDF and MS Office documents, and detect and analyze shellcode.