While getting your hands dirty is the best way to learn malware analysis, watching seasoned malware researchers in action provides invaluable tips and techniques that can elevate your malware analysis game. The channels below are exceptionally good at diving into the nitty-gritty details of how to identify threats, what tools can help identify them, and how things work behind the scenes:
1. The Cyber Yeti by Josh Stroschein
- Beginner-friendly: Discovering this channel a few years ago would have saved me a lot of time understanding malware-related Windows internals and core concepts.
- Comprehensive: Josh covers tons of topics, from PE file structures and Ghidra-related topics to setting up VMs for analysis.
- YouTube: @jstrosch
2. MalwareAnalysisForHedgehogs by Karsten Hahn
- The GOAT of multi-stage malware analysis: Watch Karsten dissect multi-stage malware while sharing his rich insights from years of malware research.
- Binary Refinery magic: Watch Karsten craft BinRef recipes to tackle malware obfuscation. This really helps in tackling the steep learning curve of this powerful tool.
- YouTube: @MalwareAnalysisForHedgehogs
3. OALabs by Sergei Frankoff
- Reverse engineering focused: Sergei, who is the co-owner of UnpacMe (https://www.unpac.me/), focuses on dissecting malware using disassemblers (with some great debugging content as well).
- IDA Free: To keep things accessible to everyone, a lot of the malware is reversed using IDA Free, while also explaining the practical differences between IDA Free and IDA Pro.
- YouTube: @OALabs
You Should Know:
Here are some practical commands and tools to get started with malware analysis:
1. Setting Up a Malware Analysis Lab
- Install VirtualBox or VMware for virtualization.
- Use REMnux (https://remnux.org/) for a pre-configured malware analysis environment.
- Commands to install VirtualBox on a Debian or Ubuntu host (the guest VM is then created from the VirtualBox UI):
    sudo apt-get update
    sudo apt-get install virtualbox
2. Analyzing PE Files
- Use `pefile` in Python to analyze Portable Executable (PE) files:
    pip install pefile
    python -c "import pefile; pe = pefile.PE('malware.exe'); print(pe.dump_info())"
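To show what `pefile` is doing under the hood, here is an added example (not from the original post, and not part of the `pefile` project) that walks the DOS header, PE signature, COFF header and section table with only the standard library, then flags sections that look packed or are writable and executable. The sample image it parses is constructed inline and is not a real binary; the entropy threshold of 7.0 is an assumed triage heuristic, not a rule from the page.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section flags from the PE specification
IMAGE_SCN_MEM_WRITE = 0x80000000

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data))) if n else 0.0

def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table (standard library only)."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]  # offset of the PE signature
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    sec_off = e_lfanew + 24 + opt_size  # 4-byte signature + 20-byte COFF header + optional header
    sections = []
    for i in range(nsec):
        name, _, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", blob, sec_off + 40 * i)
        data = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "entropy": round(entropy(data), 2),
            "wx": bool(flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE),
        })
    return {"machine": machine, "characteristics": chars, "sections": sections}

def suspicious_sections(info: dict) -> list:
    """Triage heuristic (assumed): sections that look packed (entropy > 7.0) or are writable and executable."""
    return [s["name"] for s in info["sections"] if s["entropy"] > 7.0 or s["wx"]]

def build_sample() -> bytes:
    """Constructed minimal PE32 image (not a real binary): a plain .text plus a high-entropy W+X 'UPX1' section."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0  # PE32 optional header; its contents are not needed by this parser
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)  # i386, 2 sections, EXECUTABLE_IMAGE|32BIT
    text, packed = b"\x90" * 256, bytes(range(256)) * 2  # NOP sled (entropy 0) and uniform bytes (entropy 8.0)
    raw = e_lfanew + 24 + len(opt) + 40 * 2  # first file offset after the section table
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), raw, 0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b"UPX1", len(packed), 0x2000, len(packed), raw + len(text), 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + opt + sec1 + sec2 + text + packed
```

Calling `suspicious_sections(parse_pe(open("malware.exe", "rb").read()))` gives a quick first look at a real sample before opening it in `pefile` or Ghidra.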
3. Debugging with GDB
- Debug a binary using GDB (`break main` needs symbols, which stripped malware rarely has, and `run` executes the sample, so do this only inside the isolated analysis VM):
    gdb ./malware
    (gdb) break main
    (gdb) run
4. Dynamic Analysis with Sysinternals Tools
- Use Process Monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) to monitor system activity.
- Use Process Explorer to analyze running processes.
5. Static Analysis with Ghidra
- Download Ghidra from https://ghidra-sre.org/.
- Open a binary in Ghidra and analyze its decompiled code.
What Undercode Says:
Malware analysis is a critical skill in cybersecurity, and leveraging the right tools and resources can significantly enhance your capabilities. The YouTube channels mentioned above provide excellent insights into malware analysis techniques, tools, and workflows. By combining these resources with hands-on practice using tools like Ghidra, GDB, and REMnux, you can build a strong foundation in malware analysis. Additionally, mastering Windows internals and reverse engineering will give you an edge in identifying and mitigating threats effectively. Keep exploring, practicing, and contributing to the cybersecurity community!
Reported By: Amitmoses Here – Hackers Feeds