Malware Analysis - Dynamic Analysis: Computer Security Lectures 2014/15 S1 HD
This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org. The slides themselves are Creative Commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

- Dynamic analysis
- Safety: working in a safe environment
  - Network isolation: pros and cons
- Live memory analysis
  - Malware analysis approaches
  - gcore, then strings /tmp/attack.core: looking through the memory dump
- System calls
  - System call monitoring
  - strace: runs a command and intercepts and records system calls and signals
  - Reminder: system calls are how programs interact with the kernel
  - You can use this technique to understand what a program is doing
  - You can take this a step further and attach to an existing process to see what it is up to: strace -f -p pid
  - If there is too much noise you can use options to only show file or network activity
- Library call monitoring
  - ltrace is similar, except that it can report each time a dynamic library function is called
  - Process Monitor (procmon) on Windows can be used to monitor all file/registry access (like a GUI lsof for Windows)
  - Network monitoring (using a sniffer such as Wireshark or TCPDump) can be combined with procmon to give a fairly complete picture of activity
- Debugging and interactive disassembly
  - Debuggers can display the machine instructions: GDB, OllyDbg, WinDbg
  - A debugger can be attached to a running process, or a process can be started using it
  - You can step through the program, and print out information such as the values in memory
  - GDB
- Automated dynamic behavioural recording/analysis
  - Run the malware within an isolated environment (VM/sandbox), and automatically save changes made to the system, and/or record all file/network activity
  - Cuckoo
  - Online service: https://malwr.com/
  - Zero Wine
  - Copy-on-write sandbox: Sandboxie
- Conclusion
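As an added example (not part of the lecture materials), the following POSIX shell functions show the system call monitoring workflow from the slides: building the strace command with its real -e trace=file / -e trace=network filters to cut the noise, then triaging the resulting -f log for the files a process touched, the hosts it connected to, and which syscalls dominate. The log lines in SAMPLE_LOG are constructed to look like strace output and were not captured from any real sample.

```shell
#!/bin/sh
# Constructed strace -f style log, NOT a real capture. 203.0.113.10 is a
# documentation address used here purely as sample data.
SAMPLE_LOG='[pid 12345] execve("/tmp/sample.bin", ["/tmp/sample.bin"], 0x7ffd00001000 /* 20 vars */) = 0
[pid 12345] openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
[pid 12345] read(3, "root:x:0:0:root:/root:/bin/bash", 4096) = 31
[pid 12345] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
[pid 12345] connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
[pid 12345] openat(AT_FDCWD, "/tmp/.cache/update", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 5
[pid 12346] +++ exited with 0 +++'

# Build the strace invocation for attaching to a running process (-f follows
# children, -p attaches by pid, -o writes the log). The class argument selects
# strace's built-in syscall groups, e.g. "file" or "network", which is the
# noise-reduction option the lecture refers to.
strace_cmd() {  # usage: strace_cmd <file|network|all> <pid>
  printf 'strace -f -o /tmp/trace.log -e trace=%s -p %s\n' "$1" "$2"
}

# Distinct paths passed to open()/openat(), read from an strace log on stdin.
# Optional "[pid N]" and timestamp prefixes (from -f / -tt) are tolerated.
files_touched() {
  grep -E '^(\[pid +[0-9]+\] )?([0-9:.]+ )?open(at)?\(' \
    | sed -E 's/.*"([^"]+)".*/\1/' | sort -u
}

# Destination host:port of every IPv4 connect() call in a log on stdin.
net_destinations() {
  grep -E 'connect\(.*AF_INET' \
    | sed -E 's/.*htons\(([0-9]+)\).*inet_addr\("([^"]+)"\).*/\2:\1/'
}

# Per-syscall counts, most frequent first, to see what is worth filtering.
# Prefixes are stripped; "+++ exited" and "<... resumed>" lines are dropped.
syscall_counts() {
  sed -E 's/^(\[pid +[0-9]+\] )?([0-9:.]+ )?//; s/\(.*//' \
    | grep -E '^[a-z_0-9]+$' | sort | uniq -c | sort -rn
}

# Stand-alone demonstration on the constructed log.
echo "Attach command: $(strace_cmd network 12345)"
echo "Files:";   printf '%s\n' "$SAMPLE_LOG" | files_touched
echo "Network:"; printf '%s\n' "$SAMPLE_LOG" | net_destinations
echo "Counts:";  printf '%s\n' "$SAMPLE_LOG" | syscall_counts
```

Point the same functions at a real log with `files_touched < /tmp/trace.log` once strace has written it.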