Reverse Engineering and Malware Analysis Fundamentals

English | MP4 | AVC 1920×1080 | AAC 44KHz 2ch | 45 lectures (6h 56m) | 3.78 GB

Beginners’ course on reverse engineering and malware analysis

If you are completely new to reverse engineering and malware analysis, then this course is for you. I will take you from zero to a proficient level in reverse engineering and analyzing malware. You will learn through plenty of practical walk-throughs. We will cover the basics first, then gradually proceed to more advanced topics. All the needed tools will be introduced and explained. By the end of this course, you will have the fundamentals of malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained in reverse engineering and analysis will also help you reverse other software.

Everything is highly practical. No boring theory or lectures: the sessions are walk-throughs which you can replicate and follow along with. We will use tools like tridnet, bintext, pestudio, cff explorer, regshot, procdot, fakenet, wireshark, process monitor, process hacker, xdbg, Ghidra and more…

What you’ll learn

  • Flare VM Lab Setup
  • OS fundamentals
  • Windows API
  • Virtual Memory
  • PE file structure
  • Static Analysis
  • Dynamic Analysis
  • Network Analysis
  • Memory Analysis
  • Identifying Standard and Custom Packers
  • Unpacking Packed Malware
  • Debugging Malware
  • Analysing Malware using Ghidra
  • Dumping memory
  • and more…

Table of Contents

Installing Virtual Machine and configuring it
1 [ 2022 Update ] Installing Windows 10 Virtual Machine

Installing the tools – Flare VM
2 [2023 Update] If Flare VM is not working
3 [2022 Update] Installing Flare VM 3.0 in Windows 10 virtual machine
4 [2022 Update] Installing additional missing tools
5 [2023 Update] Installing the tools used for this course

Files and File Formats
6 Files and File Formats
7 Exercise Identify File Formats

Virtual Memory and the Portable Executable (PE) File
8 Process Creation
9 Virtual Memory
10 Portable Executable (PE) File – Part 1
11 Portable Executable (PE) File – Part 2

Windows Internals
12 Win32 API

Intro to Static and Dynamic Analysis
13 Intro to Static and Dynamic Analysis

Installing additional tools
14 [2022 Updated] Installing additional tools – bintext
15 Installing additional tools – graphviz

Lab Static Analysis of Malware Sample 1
16 Lab Static Analysis of Malware Sample 1

Dynamic Analysis Workflow
17 Dynamic Analysis Workflow

Lab Dynamic Analysis of Malware Sample 1
18 Lab Dynamic Analysis of Malware Sample 1

Lab Procdot Analysis of Malware Sample 1
19 Lab Procdot Analysis of Malware Sample 1

Lab Network Analysis of Malware Sample 1
20 Lab Network Analysis of Malware Sample 1

Lab Exercise Intro to Analysis of Malware Sample 2
21 Lab Exercise Intro to Analysis of Malware Sample 2

Lab Static Analysis of Malware Sample 2 – Unpacking
22 Lab Static Analysis of Malware Sample 2 – Unpacking

Lab Static Analysis of Malware Sample 2 – Embedded Strings Analysis
23 Lab Static Analysis of Malware Sample 2 – Embedded Strings Analysis
24 Lab Static Analysis of Malware Sample 2 – PE Header and Hash Analysis

Lab – Dynamic Analysis of Malware Sample 2
25 Lab Dynamic Analysis of Malware Sample 2 – Regshot Analysis
26 Lab Static Analysis of Malware Sample 2 – Procdot Analysis
27 Lab Static Analysis of Malware Sample 2 – Network Analysis

Assembly Language Basics
28 Assembly Language Basics

Reverse Engineering Malware Sample 3
29 Intro to Malware Sample 3
30 Decompiling and extraction using exe2aut
31 Disassembling and Decompiling with Ghidra
32 Debugging with xdbg
33 [2022 Update] VirtualAlloc, VirtualAllocEx and NtAllocateVirtualMemory – v2
34 Dumping Memory Using Process Hacker

Reverse Engineering Malware Sample 4 (Ransomware)
35 Intro To Malware Sample 4 (TeslaCrypt Ransomware)
36 File and Packer Identification
37 Debugging and Unpacking with xdbg and Process Hacker
38 Unpacking – Part 2
39 Analysis with Ghidra

Reverse Engineering Malware Sample 5 (Simda Trojan)
40 Intro To Malware Sample 5 (Simda Trojan)
41 File and Packer Identification
42 Identifying Abnormal Epilogues
43 Unpacking the Shellcode
44 Final Unpacking and Analysis in Ghidra

Resources For Further Study
45 Bonus Lecture