Malware Analysis Made Simple

Paul Melson
Paul MelsonIS Director, Information Security Risk & Compliance à Spectrum Health
Malware Analysis Made Simple SecureWorld Expo Detroit Wednesday, November 5, 2008 Paul Melson
Security Incident Response
Why Not Focus On Prevention? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
You’re Probably Required To ,[object Object],[object Object],[object Object],[object Object],[object Object]
Why Do Malware Analysis In-House?
Malware is Number 1! Yay! ,[object Object],[object Object],[object Object],[object Object],[object Object]
Malware Trends
Firewalls & Antivirus Have Lost ,[object Object],[object Object],[object Object]
Malware is Adapting Quickly ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
“ But it’s just spyware, right?” ,[object Object],[object Object],[object Object],[object Object],[object Object]
Detection
Anatomy of a Drive-By Download Dropper Malware Servers More Malware JScript Exploit
Log Files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
 
IDS/IPS Alerts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Snort Rules ,[object Object],[object Object],[object Object],[object Object]
Antivirus?! Yes, Antivirus! ,[object Object],[object Object]
Analysis
For Starters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
 
Detecting Packed Files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Analyzing Binary Files ,[object Object],[object Object],[object Object],[object Object],[object Object]
 
Behavioral Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object]
 
Network Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Analyzing System Hooks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
 
Building Toolkits
Response Toolkit: CD ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Analysis Toolkit: VM ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Prevention & Recovery
Prevention – Whack-a-Mole ,[object Object],[object Object],[object Object]
Prevention: Local Admin? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Parting Shot: Best Practices ,[object Object],[object Object],[object Object]
Q & A Session
1 sur 36

Malware Analysis Made Simple

Technologie

"Malware Analysis Made Simple" from SecureWorld Expo Detroit, 11/05/2008

Paul Melson
Paul MelsonIS Director, Information Security Risk & Compliance à Spectrum Health

Recommandé

Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
3.6K vues25 diapositives
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
461 vues39 diapositives
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
817 vues30 diapositives
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
1.9K vues36 diapositives
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
3.3K vues39 diapositives
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
5.3K vues18 diapositives

Contenu connexe

Tendances

Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
1.4K vues17 diapositives
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
983 vues31 diapositives

Tendances(20)

Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
Erik Van Buggenhout4K vues
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade529 vues
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community3.3K vues
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
NishaYadav177491 vues
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN1.4K vues
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval983 vues
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht763 vues
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
Rand W. Hirt5.6K vues
Malware analysis _ Threat Intelligence MoroccoMalware analysis _ Threat Intelligence Morocco
Malware analysis _ Threat Intelligence Morocco
Touhami Kasbaoui246 vues
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray2.9K vues
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies3.7K vues
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
leminhvuong8.3K vues
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner12.7K vues
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
Vikram Khanna712 vues
Social engineeringSocial engineering
Social engineering
Vishal Kumar12.3K vues
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Adri Jovin767 vues
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk3.1K vues
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar746 vues
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed1K vues
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
Amos Oyoo3.1K vues

En vedette

En vedette(20)

'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
Bipin Upadhyay2.3K vues
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
grecsl4K vues
PyTriage: A malware analysis frameworkPyTriage: A malware analysis framework
PyTriage: A malware analysis framework
Yashin Mehaboobe1.7K vues
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic AnalysisCNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
CNIT 126 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Sam Bowne2.6K vues
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
Sam Bowne6.3K vues
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Lane Huff3.3K vues
CNIT 126 4: A Crash Course in x86 DisassemblyCNIT 126 4: A Crash Course in x86 Disassembly
CNIT 126 4: A Crash Course in x86 Disassembly
Sam Bowne2.2K vues
CNIT 126 7: Analyzing Malicious Windows ProgramsCNIT 126 7: Analyzing Malicious Windows Programs
CNIT 126 7: Analyzing Malicious Windows Programs
Sam Bowne1.9K vues
CNIT 127 14: Protection MechanismsCNIT 127 14: Protection Mechanisms
CNIT 127 14: Protection Mechanisms
Sam Bowne931 vues
CNIT 126 6: Recognizing C Code Constructs in Assembly CNIT 126 6: Recognizing C Code Constructs in Assembly
CNIT 126 6: Recognizing C Code Constructs in Assembly
Sam Bowne1.2K vues
CNIT 126 8: DebuggingCNIT 126 8: Debugging
CNIT 126 8: Debugging
Sam Bowne588 vues
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro
Sam Bowne2.1K vues
Practical Malware Analysis Ch12Practical Malware Analysis Ch12
Practical Malware Analysis Ch12
Sam Bowne1.3K vues
Practical Malware Analysis: Ch 6: Recognizing C Code Constructs in AssemblyPractical Malware Analysis: Ch 6: Recognizing C Code Constructs in Assembly
Practical Malware Analysis: Ch 6: Recognizing C Code Constructs in Assembly
Sam Bowne1.4K vues
Ch 13: Network Protection SystemsCh 13: Network Protection Systems
Ch 13: Network Protection Systems
Sam Bowne1.9K vues
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
Paul Melson8.3K vues
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware Behavior
Sam Bowne3.3K vues
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbgPractical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg
Sam Bowne3.5K vues
Practical Malware Analysis: Ch 15: Anti-DisassemblyPractical Malware Analysis: Ch 15: Anti-Disassembly
Practical Malware Analysis: Ch 15: Anti-Disassembly
Sam Bowne6K vues
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol8.4K vues

Similaire à Malware Analysis Made Simple

Security Handbook Security Handbook
Security HandbookAnthony Hasse
197 vues10 diapositives

Similaire à Malware Analysis Made Simple(20)

Two-For-One Talk: Malware Analysis for EveryoneTwo-For-One Talk: Malware Analysis for Everyone
Two-For-One Talk: Malware Analysis for Everyone
Paul Melson1.9K vues
Security Handbook Security Handbook
Security Handbook
Anthony Hasse197 vues
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
Greater Noida Institute Of Technology46 vues
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G1.9K vues
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim Butterworth
TechBiz Forense Digital469 vues
DevSecCon Talk: An experiment in agile Threat ModellingDevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat Modelling
zeroXten996 vues
An experiment in agile threat modellingAn experiment in agile threat modelling
An experiment in agile threat modelling
DevSecCon638 vues
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
Db Cooper2.9K vues
Sembang2 Keselamatan It 2004Sembang2 Keselamatan It 2004
Sembang2 Keselamatan It 2004
Linuxmalaysia Malaysia756 vues
Intro2 malwareanalysisshortIntro2 malwareanalysisshort
Intro2 malwareanalysisshort
Vincent Ohprecio634 vues
Modern Malware and ThreatsModern Malware and Threats
Modern Malware and Threats
MarketingArrowECS_CZ1.7K vues
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian3.2K vues
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack859 vues
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack412 vues
Modern malware and threatsModern malware and threats
Modern malware and threats
Martin Holovský1.5K vues
SplunkLive! Stockholm 2015 breakout - Analytics based securitySplunkLive! Stockholm 2015 breakout - Analytics based security
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk685 vues
HackingHacking
Hacking
rameswara reddy venkat47 vues
HackingHacking
Hacking
Roshan Chaudhary1.4K vues
Security by Weston HeckerSecurity by Weston Hecker
Security by Weston Hecker
EC-Council590 vues
Metasploit Framework Executable EncodingMetasploit Framework Executable Encoding
Metasploit Framework Executable Encoding
technology_flow1.1K vues

Dernier

Dernier(20)

MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum117 vues
GigaIO: The March of Composability Onward to Memory with CXLGigaIO: The March of Composability Onward to Memory with CXL
GigaIO: The March of Composability Onward to Memory with CXL
CXL Forum122 vues
Business Analyst Series 2023 - Week 2 Session 3Business Analyst Series 2023 - Week 2 Session 3
Business Analyst Series 2023 - Week 2 Session 3
DianaGray10319 vues
Java 21 and Beyond- A Roadmap of Innovations .pdfJava 21 and Beyond- A Roadmap of Innovations .pdf
Java 21 and Beyond- A Roadmap of Innovations .pdf
Ana-Maria Mihalceanu54 vues
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk82 vues
Photowave Presentation Slides - 11.8.23.pptxPhotowave Presentation Slides - 11.8.23.pptx
Photowave Presentation Slides - 11.8.23.pptx
CXL Forum120 vues
Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver24 vues
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
Fwdays25 vues
"Ukrainian Mobile Banking Scaling in Practice. From 0 to 100 and beyond", Vad..."Ukrainian Mobile Banking Scaling in Practice. From 0 to 100 and beyond", Vad...
"Ukrainian Mobile Banking Scaling in Practice. From 0 to 100 and beyond", Vad...
Fwdays38 vues
MemVerge: Gismo (Global IO-free Shared Memory Objects)MemVerge: Gismo (Global IO-free Shared Memory Objects)
MemVerge: Gismo (Global IO-free Shared Memory Objects)
CXL Forum112 vues
JCon Live 2023 - Lice coding some integration problemsJCon Live 2023 - Lice coding some integration problems
JCon Live 2023 - Lice coding some integration problems
Bernd Ruecker62 vues
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi102 vues
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
The Digital Insurer26 vues
Spesifikasi Lengkap ASUS Vivobook Go 14Spesifikasi Lengkap ASUS Vivobook Go 14
Spesifikasi Lengkap ASUS Vivobook Go 14
Dot Semarang34 vues
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
ThousandEyes88 vues
Liqid: Composable CXL PreviewLiqid: Composable CXL Preview
Liqid: Composable CXL Preview
CXL Forum120 vues
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray1094 vues
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
"Thriving Culture in a Product Company — Practical Story", Volodymyr Tsukur
Fwdays39 vues
PyCon ID 2023 - Ridwan Fadjar Septian.pdfPyCon ID 2023 - Ridwan Fadjar Septian.pdf
PyCon ID 2023 - Ridwan Fadjar Septian.pdf
Ridwan Fadjar165 vues
Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting177 vues

Malware Analysis Made Simple