What has become accepted as malware reverse engineering training involves full-spectrum analysis of malicious code, both dynamically (run-time) and statically (disassembly). For run-time analysis, this means you put the malware on a virtual machine and run a packet sniffer (like Wireshark), a registry monitor (like RegShot), a file monitor (like CaptureBat) and a process monitor (like Process Explorer and Process Monitor). Debugging involves looking at the malware in a disassembler (like IDA Pro). The goal is to understand the code and its behavior in order to find the functionality and/or obfuscation methods within the malicious binary.
Learning Objectives
- Provide a methodical, hands-on approach to reverse engineering by covering both the behavioral and code analysis aspects of the analytical process.
- We will also give ample time in practical labs that focus on specific malware reverse engineering concepts.