Security: The beauty of ... malware reverse engineering

Malware represents one of the greatest threats that organizations face today and IT departments are coming to understand that their AV tools can only do so much to protect them. When malware is discovered on their systems, they want to know what it might have done, if the threat is still ongoing, and what they might have lost to the infection. Answers can be very tough to find, but reverse engineering the malware might just be the way to provide them.

By  

While these tools all provide options that will help you delve into your malware, I don't think I would have wanted to learn any of them without some start-up help to guide me on how to make the best use of them.

The class

The class that I took was offered by the Art of Exploitation (http://www.artofexploitation.com/academics_malware_rev_eng.aspx) and was both eye-opening and chock full of tips designed to help the new malware analyst past the stumbling blocks and into profitable analysis fairly quickly.

Having a chance to become familiar with some of the better tools and getting tips on how to make the best use of them will help you make good decisions when it comes time to acquire your own.

We spent time ...

  • looking for system calls that clue you into what the malware is doing
  • watching out for techniques that malware architects use to make it difficult for us to reverse engineer their creations
  • understanding how the system stack is used -- or not -- in passing arguments
  • turning what first appeared to be arbitrary data into clearly articulated code (de-obfuscation)
    and
  • identifying lots of malware "indicators"

This class provided me with ...

  • surprising insights both into how malware works and how I can analyze it
  • super tips on what to watch out for and what to ignore
  • surprising insights into how malware authors try to make their agents of evil hard to analyze -- more than I would ever have imagined
  • ways to make the process of recognizing malware and identifying what it does considerably faster
  • how to focus on the "deliverables" -- the answers that your management is waiting to hear

This AoE (Reverse Malware Engineering) class ranks in my eyes as best of breed, top notch, and highly recommended.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness