Length: half-day, i.e., 3 hours plus breaks

An overview of the field of malware analysis with emphasis on issues related to data science. We discuss the various types of malware, including executable binaries, malicious PDFs, and exploit kits. The most popular tools used for analyzing malicious binaries will be presented and demonstrated, including some or all of Ghidra, IDA, Binary Ninja, and x64dbg. Concepts and tools from static and binary analysis will be discussed. We will discuss cluster analysis, malware attribution, and the problems caused by polymorphic malware. We will conclude with our view of important research questions in the field.

Target audience, prerequisites, and benefits

The intended audience will be those with some knowledge of databases or IR, and of computer systems in general. We do not expect attendees to have any prior experience with malware analysis or cyber in general. CIKM is by no means a computer security conference, but knowledge of malware analysis may be useful to data scientists at any level of experience, and there are research issues in malware analysis that pertain to data science.

About the presenter

Charles Nicholas is a Professor of Computer Science at UMBC. He has been involved in the CIKM conference for many years, and has recently turned his attention to the problems of malware analysis "in the large". His recent work has considered questions related to storing, searching, and finding patterns in large collections of malware. He has taught a combined graduate-undergraduate course in malware analysis at UMBC for several years.

While you're at home, with your own Internet connection, you can install any or all of these packages, and perhaps get more out of the tutorial. However, people who don't do so will be at no disadvantage.

Download and install VirtualBox or VMware Player. Instructions can be found on the web site, and on YouTube as well!

If you have access to the appropriate ISO files, install virtual machines that run Windows XP and Windows 7. Be advised that some XP malware doesn't work on Windows 7.

Install a VM running a Linux of your choice. It is also sometimes convenient to have a UNIX-workalike on your Windows VMs, even if it's not strictly necessary if Linux is handy. From which gives you a working UNIX-like environment on.

Download and install a disassembler such as IDA Pro. The free version is fine for our purposes. As an alternative to IDA, consider Ghidra.

Olly is still widely used, but other debuggers are available, such as Immunity (available at the Olly site and elsewhere perhaps) and x64dbg.

Want a good book on the subject of malware analysis? Consider Practical Malware Analysis, from No Starch Press. It includes exercises on real malware, but some of the malicious code doesn't work on newer versions of Windows. One or two other books are more recent, but not as good.

This tutorial is based on a semester-length course on malware analysis that has been offered at UMBC several times.