Nytro Posted September 2, 2013

Malware Analysis Tutorials: a Reverse Engineering Approach
Author: Dr. Xiang Fu

Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an independent topic and can be completed separately (each one has its own lab configuration instructions).

Malware Analysis Tutorial 1: A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)
Malware Analysis Tutorial 2: Introduction to Ring3 Debugging
Malware Analysis Tutorial 3: Int 2D Anti-Debugging
Malware Analysis Tutorial 4: Int 2D Anti-Debugging (Part II)
Malware Analysis Tutorial 5: Int 2D in Max++ (Part III)
Malware Analysis Tutorial 6: Self-Decoding and Self-Extracting Code Segment
Malware Analysis Tutorial 7: Exploring Kernel Data Structure
Malware Analysis Tutorial 8: PE Header and Export Table
Malware Analysis Tutorial 9: Encoded Export Table
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File
Malware Analysis Tutorial 13: Tracing DLL Entry Point
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key
Malware Analysis Tutorial 15: Injecting Thread into a Running Process
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack
Malware Analysis Tutorial 17: Infection of System Modules (Part I: Randomly Pick a Driver)
Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection)
Malware Analysis Tutorial 19: Anatomy of Infected Driver
Malware Analysis Tutorial 20: Kernel Debugging - Intercepting Driver Loading
Malware Analysis Tutorial 21: Hijacking Disk Driver
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver
Malware Analysis Tutorial 23: Tracing Kernel Data Using Data Breakpoints
Malware Analysis Tutorial 24: Tracing Malicious TDI Network Behaviors of Max++
Malware Analysis Tutorial 25: Deferred Procedure Call (DPC) and TCP Connection
Malware Analysis Tutorial 26: Rootkit Configuration
Malware Analysis Tutorial 27: Stealthy Loading of Malicious Driver
Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection
Malware Analysis Tutorial 29: Stealthy Library Loading II (Using Self-Modifying APC)
Malware Analysis Tutorial 30: Self-Overwriting COM Loading for Remote Loading DLL
Malware Analysis Tutorial 31: Exposing Hidden Control Flow
Malware Analysis Tutorial 32: Exploration of Botnet Client
Malware Analysis Tutorial 33: Evaluation of Automated Malware Analysis System I (Anubis)
Malware Analysis Tutorial 34: Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools

Source: Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering Approach
malsploit Posted September 2, 2013

If anyone is interested, I'll start translating those articles and we can organize them into courses, so they are easier to follow for those who want to get started in malware analysis.
Nytro (Author) Posted September 2, 2013

No, there's no point doing it that way. If you have the time, read them and write a tutorial based on them, written and explained by you, not just translated.