A Primer on Reverse Engineering Malwares

More documents

Recommendations

Info

Case Study – Operation Aurora Command & Control Centre Site hosting Malware 5. Once the Malware infection is successful C&C controls and monitors the victim's computer 3. Malicious Code tries to download a variant of hydra Trojan onto victim’s machine © 2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 4. Attacker’s website serves the Malware Firewall 1. User opens a infected website on internet 2. JavaScript based exploit vector, uses IE’s 0day vulnerability and executes Shellcode component Internet
Reverse-Engineering Malware (Cheat Sheet) Approach Set up a controlled, isolated laboratory in which to examine the malware specimen. Perform behavioral analysis to examine the specimen’s interactions with its environment Perform static code analysis to further understand the specimen’s inner-workings. Perform dynamic code analysis to understand the more difficult aspects of the code. If necessary, unpack the specimen. Repeat steps 2, 3, and 4 (order may vary) until sufficient analysis objectives are met. Document findings and clean-up the laboratory for future analysis. © 2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 1. Be ready to revert to good state via dd, VMware snapshots, CoreRestore, Ghost, SteadyState, etc. 2. Monitor local (Process Monitor, Process Explorer) and network (Wireshark, tcpdump) interactions. 3. Detect major local changes (RegShot, Autoruns). 4. Redirect network traffic (hosts file, DNS, Honeyd). 5. Activate services (IRC, HTTP, SMTP, etc.) as needed to evoke new behavior from the specimen. IDA Pro is a Windows or Linux or Mac OS X hosted multi-processor disassembler and debugger OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
Page 1 and 2: A Primer on Revers
Page 3 and 4: Setting the Stage
Page 5 and 6: Malware’s growing at alarming rat
Page 7 and 8: Cyber War Virtual Wars Source - htt
Page 9 and 10: Scenario @ home Penetration into Hi
Page 11 and 12: Malware Entry Points Universal Seri
Page 13 and 14: Zombie Hotspots @ Home India leadin
Page 15 and 16: Introduction
Page 17 and 18: Malwares & their Variants Trojan Ho
Page 19 and 20: Myth I - I bought an Anti-virus and
Page 21 and 22: Myth III - Malwares creation requir
Page 23 and 24: So we know why they are written…
Page 25 and 26: Malware Detection & Analysis Life C
Page 27 and 28: Data Collection & Analysis Data Col
Page 29 and 30: Ad-Hoc Utilities used for Malware D
Page 31 and 32: Behavior Analysis 3 Stage Approach
Page 33 and 34: Behavior Analysis Mitigating Risk V
Page 35 and 36: Behavior Analysis Monitoring Proces
Page 37 and 38: Behavior Analysis Verifying the The
Page 39 and 40: Dynamic Malware Analysis - Process
Page 41 and 42: Code Analysis Expands and Reinforce
Page 43 and 44: Code Analysis …..with patience…
Page 45: Case Study - Operation Aurora Overv
Page 49: Thank You Presentation by Sony Anth

A Primer on Reverse Engineering Malwares

Create successful ePaper yourself

Delete template?

Save as template?