A COMPARISON OF TOOLS
FOR MALWARE ANALYSIS
Tiziana Spata
tizianaspata@yahoo.it

Università degli Studi di Catania
Dipartimento di Matematica e Informatica
Malware is everywhere...
Malware Analysis
PROGRAM UNDERSTANDING
PREVENT MALWARE ATTACKS
Static Analysis
Dynamic Analysis
Static Analysis
It is performed without executing the program:
• Disassemble the malware
• Control-flow and data-flow analysis, which provide a great deal of information on how the malware functions
Because nothing is run, it is safe to apply to any sample, but packed or obfuscated code has to be unpacked first or the disassembly shows only the unpacking stub.
IDA Pro
The Interactive DisAssembler Professional is a product of Hex-Rays.
It is a recursive descent disassembler: instead of decoding bytes one after another from the start of the code, it follows the control flow, so every instruction is classified by where execution can go next:
• Sequential flow instructions (the next instruction in memory follows)
• Conditional branching instructions (both the fall-through and the branch target are decoded)
• Unconditional branching instructions (only the target is decoded)
• Function call instructions (the callee and the return address are decoded)
• Return instructions (no successor)
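The five instruction classes above are exactly what a recursive descent disassembler needs from each decoded instruction: the set of addresses where execution may continue. The following added example (written for this page; it is not IDA's code and not from the original slides) implements both strategies over a hypothetical 8-bit instruction set constructed for the purpose. The sample program jumps over two data bytes; a linear sweep decodes the data as a `MOV` that swallows the first byte of the called function, while recursive descent never touches the data and finds the function through the `CALL`.

```python
"""Toy recursive-descent disassembler: added example, not IDA's code or the slides'."""
from dataclasses import dataclass

# Hypothetical 8-bit ISA constructed for this example. Each opcode carries the
# control-flow class the slides list for IDA: seq, cond, uncond, call, ret.
OPCODES = {
    0x00: ("NOP", 1, "seq"),
    0x01: ("MOV", 3, "seq"),     # MOV reg, imm8
    0x02: ("JZ", 2, "cond"),     # JZ rel8
    0x03: ("JMP", 2, "uncond"),  # JMP rel8
    0x04: ("CALL", 2, "call"),   # CALL rel8
    0x05: ("RET", 1, "ret"),
}

# Constructed sample: main calls a function, then jumps over two bytes of data.
# 0x07-0x08 hold data that is never executed; a linear sweep decodes it anyway.
SAMPLE = bytes([
    0x01, 0x00, 0x05,  # 0x00 MOV r0, 5
    0x04, 0x04,        # 0x03 CALL 0x09
    0x03, 0x09,        # 0x05 JMP 0x10
    0x01, 0xDE,        # 0x07 data bytes (not code)
    0x01, 0x01, 0x02,  # 0x09 MOV r1, 2      <- function entry
    0x02, 0x01,        # 0x0C JZ 0x0F
    0x00,              # 0x0E NOP
    0x05,              # 0x0F RET
    0x05,              # 0x10 RET            <- end of main
])


@dataclass
class Insn:
    addr: int
    mnemonic: str
    size: int
    operands: str
    successors: list  # addresses where execution can continue


def _rel8(b):
    """Signed 8-bit displacement."""
    return b - 256 if b >= 0x80 else b


def decode(code, addr):
    """Decode one instruction and compute its control-flow successors."""
    op = code[addr]
    if op not in OPCODES:
        return Insn(addr, "DB", 1, f"{op:#04x}", [addr + 1])  # undefined byte
    mnem, size, cls = OPCODES[op]
    if addr + size > len(code):
        raise ValueError(f"truncated instruction at {addr:#04x}")
    nxt = addr + size
    if cls == "seq":
        ops = f"r{code[addr + 1]}, {code[addr + 2]:#x}" if mnem == "MOV" else ""
        succ = [nxt]
    elif cls == "ret":
        ops, succ = "", []
    else:
        target = nxt + _rel8(code[addr + 1])
        ops = f"{target:#04x}"
        # cond: fall-through and target; uncond: target only; call: callee, then return address
        succ = {"cond": [nxt, target], "uncond": [target], "call": [target, nxt]}[cls]
    return Insn(addr, mnem, size, ops, succ)


def linear_sweep(code):
    """Decode byte after byte from offset 0: the naive strategy, shown for contrast."""
    out, addr = {}, 0
    while addr < len(code):
        insn = decode(code, addr)
        out[addr] = insn
        addr += insn.size
    return out


def recursive_descent(code, entry=0):
    """Decode only what is reachable from the entry point by following control flow."""
    out, worklist = {}, [entry]
    while worklist:
        addr = worklist.pop()
        if addr in out or not 0 <= addr < len(code):
            continue
        insn = decode(code, addr)
        out[addr] = insn
        worklist.extend(insn.successors)
    return out


if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("recursive descent", recursive_descent(SAMPLE))):
        print(f"--- {name}")
        for a in sorted(listing):
            i = listing[a]
            print(f"{a:#04x}: {i.mnemonic} {i.operands}")
```

Running the script prints both listings; the linear sweep shows bogus instructions at 0x07, 0x0A and 0x0D and never lists the real function entry at 0x09, which is the kind of mistake an analyst has to correct by hand when a disassembler is fed data mixed with code.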
Dynamic Analysis
It is performed by executing the program in a real or
virtual environment, which must be isolated from production systems.
• Black box analysis: "what you see is all you get", only the externally observable effects (files, registry, processes, network traffic) are recorded
• White box analysis: the internals of the running program are inspected (debugging, API tracing); it is different from static analysis!
Wireshark
It is a free and open-source packet analyzer.

Most network interfaces can be put in
"promiscuous mode", in which they
supply to the host all network packets they
see, not only those addressed to it.
For malware analysis the capture is best taken outside the infected machine (on the host of the virtual machine or at the gateway), so that the sample cannot see or tamper with the sniffer.
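What an analyst looks for in such a capture is usually small and specific: which names the sample resolved, which hosts it contacted. The following added example (written for this page; it is not Wireshark's code and not from the original slides) builds a small constructed pcap file in memory, containing two DNS queries and one unrelated UDP datagram, and then parses it back with nothing but `struct`, the way a triage script would read a capture produced by Wireshark or tcpdump. The packet builders, the addresses and the domain names are all invented for the example; the frames carry zero IP and UDP checksums, which Wireshark would flag but which does not affect parsing.

```python
"""Pull DNS queries out of a pcap: added example, not part of the slides or of Wireshark."""
import struct

# --- constructed sample capture (not a real capture) ---------------------------

def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))

def _qname(name):
    """Encode a domain name as DNS labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_dns_query(name, txid=0x1234):
    """Standard query, one question, type A, class IN."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + _qname(name) + struct.pack("!HH", 1, 1)

def build_udp_frame(src_ip, dst_ip, dport, payload, sport=49152):
    """Ethernet II / IPv4 / UDP frame; checksums left at 0 for brevity."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     _ip(src_ip), _ip(dst_ip)) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip

def build_pcap(frames, linktype=1):
    """Legacy pcap: 24-byte global header, then (16-byte record header + frame) per packet."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        data += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return data

SAMPLE_PCAP = build_pcap([
    build_udp_frame("10.0.0.5", "10.0.0.1", 53, build_dns_query("update.example.net")),
    build_udp_frame("10.0.0.5", "10.0.0.1", 123, b"\x1b" + b"\x00" * 47),  # NTP, ignored
    build_udp_frame("10.0.0.5", "10.0.0.1", 53, build_dns_query("cdn.example.org", 0x4321)),
])

# --- parser ---------------------------------------------------------------------

def _read_qname(dns, off, depth=0):
    """Decode labels; follow compression pointers only backwards and only a few times."""
    labels = []
    while True:
        n = dns[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0 == 0xC0:  # compression pointer (untrusted input: bound the recursion)
            ptr = ((n & 0x3F) << 8) | dns[off]
            if ptr >= off - 1 or depth > 8:
                raise ValueError("bad compression pointer")
            tail, _ = _read_qname(dns, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), off + 1
        labels.append(dns[off:off + n].decode("ascii", "replace"))
        off += n

def dns_query_from_frame(frame):
    """Return (src_ip, dst_ip, qname) for an IPv4/UDP DNS query, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:
        return None  # IPv4 carrying UDP only
    ihl = (ip[0] & 0x0F) * 4
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    udp = ip[ihl:]
    _, dport, ulen = struct.unpack_from("!HHH", udp, 0)
    if dport != 53 or ulen < 8 + 12:
        return None
    dns = udp[8:ulen]
    _, flags, qdcount = struct.unpack_from("!HHH", dns, 0)
    if flags & 0x8000 or qdcount < 1:
        return None  # QR bit set: a response, not a query
    name, _ = _read_qname(dns, 12)
    return src, dst, name

def parse_pcap(data):
    """Walk the records of a pcap and collect the DNS queries it contains."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a legacy pcap file")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    queries, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        q = dns_query_from_frame(data[off:off + incl_len])
        off += incl_len
        if q:
            queries.append(q)
    return queries

if __name__ == "__main__":
    for src, dst, name in parse_pcap(SAMPLE_PCAP):
        print(f"{src} -> {dst}  DNS query for {name}")
```

To use it on a real capture, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; files saved by Wireshark in the newer pcapng format have a different container and would need a pcapng reader instead.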
oSpy
It is a sniffing tool which aids in
reverse-engineering software running on
the Windows platform.
The sniffing is done at the API level, by
hooking the calls the process makes rather
than capturing packets on the wire, which
allows a much more fine-grained view of
what is going on.
Process Monitor
It is an advanced monitoring tool for Windows
(part of the Sysinternals suite) that shows
real-time file system, registry and
process/thread activity.
Process Monitor includes powerful monitoring
and filtering capabilities, grouped by event class:
• File System
• Registry
• Process
• Network
• Profiling
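Process Monitor's value for a malware run comes from the filters: restrict the view to the sample's process, then pick out the few events that matter (autostart registry writes, dropped executables, child processes, outbound connections) from thousands of harmless reads. The following added example (written for this page; not from the slides and not part of Process Monitor) reproduces that workflow over a constructed CSV export. The column names follow Process Monitor's default CSV export layout as assumed here; the rows, process names, paths and addresses are invented, and the detection patterns are a starting point to extend, not a complete rule set.

```python
"""Triage of a Process Monitor CSV export: added example, not from the slides or Process Monitor."""
import csv
import io
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category operation path detail")

# Assumed patterns for this example: autostart keys, user-writable drop
# locations, network operations and typical VM-detection registry probes.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
DROP_DIR_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)
VM_ARTIFACT_RE = re.compile(r"VMware|VirtualBox|VBox|QEMU", re.IGNORECASE)
NETWORK_OPS = {"TCP Connect", "TCP Send", "UDP Send"}

# Constructed sample in the column layout of Process Monitor's CSV export
# (header names assumed; compare with your own export). Not a real capture.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000 AM","explorer.exe","1200","RegQueryValue","HKCU\Software\Classes\CLSID","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"10:01:02.2000000 AM","sample.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open"
"10:01:02.3000000 AM","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"10:01:02.4000000 AM","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\Users\lab\AppData\Roaming\updater.exe"
"10:01:02.5000000 AM","sample.exe","4120","CreateFile","C:\Users\lab\AppData\Roaming\updater.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"10:01:02.6000000 AM","sample.exe","4120","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4188, Command line: cmd.exe /c schtasks /create /tn Updater"
"10:01:02.7000000 AM","sample.exe","4120","TCP Connect","lab-pc:49712 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1"
'''


def triage(csv_text, process_name):
    """Apply the filter an analyst sets in Process Monitor, then classify what is left."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # equivalent of the ProcMon filter "Process Name is <sample>"
        op, path, result, detail = (row[k] for k in ("Operation", "Path", "Result", "Detail"))
        if op in ("RegOpenKey", "RegQueryValue") and VM_ARTIFACT_RE.search(path):
            # A failed lookup is the interesting case: the sample probed for a hypervisor.
            findings.append(Finding("anti_vm", op, path, f"{result}; {detail}"))
        elif result != "SUCCESS":
            continue  # failed operations had no effect on the system
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            findings.append(Finding("persistence", op, path, detail))
        elif op == "CreateFile" and DROP_DIR_RE.search(path) and "Write" in detail:
            findings.append(Finding("dropped_file", op, path, detail))
        elif op == "Process Create":
            findings.append(Finding("child_process", op, path, detail))
        elif op in NETWORK_OPS:
            findings.append(Finding("network", op, path, detail))
    return findings


def summarize(findings):
    """Count findings per category, the one-line view to put at the top of a report."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_CSV, "sample.exe")
    print(summarize(found))
    for f in found:
        print(f"[{f.category:13}] {f.operation:15} {f.path}")
```

On a real export, pass the text of the `.csv` file saved from File > Save with the CSV format selected; read-only accesses to system DLLs and the failed lookups that are not VM probes fall through the filters as they should, while the `anti_vm` category is reported even when the operation failed, because the probe itself is the signal.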
OllyDbg
It is a user-mode debugger for Windows that traces registers,
recognizes procedures, API calls...
It has a friendly interface, and its
functionality can be extended by third-party plugins.
Conclusions
A good analysis of malware is obtained by
combining several tools that implement
techniques of both static and dynamic
analysis: neither family alone gives the full picture.

Thanks for your attention!
