Project 12: Malware Analysis & Reverse Engineering
Analyze malware samples, dissect malicious code, and reverse-engineer executables to understand cyber threats.
Malware analysis is a crucial skill for cybersecurity professionals tasked with detecting, dissecting, and mitigating malicious software. This project introduces students to dynamic and static analysis techniques, including disassembling binaries, analyzing network behavior, and reverse engineering malware to understand its functionality.
Students will gain experience using:
Continue to the hands-on lab for full instructions!
Malware Analysis & Reverse Engineering Lab

Overview
In this lab, students will conduct static and dynamic analysis on malware samples to dissect their functionality, extract indicators of compromise (IOCs), and understand how cyber threats operate. The objective is to apply reverse engineering techniques to analyze malicious binaries and scripts.

Lab Instructions

1. Setting Up Your Environment
You will need:
- A dedicated malware analysis VM (FlareVM, REMnux, or a sandboxed Windows/Linux VM)
- Installed tools:
  - Ghidra or IDA Free for static analysis
  - Wireshark & ProcMon for system and network monitoring
  - Cuckoo Sandbox or Any.Run for dynamic analysis
  - YARA for signature-based malware detection

Step 1: Isolate the Analysis Environment
    vmrun start /path/to/malware_vm.vmx
Ensure the machine is not connected to the internet and take a snapshot of the VM before running any malware.
...
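As an added example that is not part of the course lab, the script below shows the first static-triage step the lab describes (recording hashes, pulling strings, and grouping IOC candidates) in Python; SAMPLE is a constructed byte blob standing in for a real binary, and the domain, IP and path inside it are made-up documentation values.

```python
import hashlib
import re

# Constructed stand-in for a malware sample: a fake MZ header with embedded
# ASCII and UTF-16LE strings (Windows binaries often store paths as UTF-16LE).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://example.invalid/update.bin\x00"
    + b"\x00" * 8
    + "C:\\Users\\Public\\svc.exe".encode("utf-16le") + b"\x00\x00"
    + b"\x01\x02\x03"
    + b"198.51.100.7\x00"
)

MIN_LEN = 6  # shortest string worth reporting, as with `strings -n 6`


def hashes(data: bytes) -> dict:
    """File hashes are the first IOCs to record for any sample."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Printable ASCII strings followed by UTF-16LE ones (`strings -a` / `strings -el`)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


# Candidate IOC shapes; an analyst still decides which hits are actually malicious.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[\w.-]+(?:/[\w./?=&-]*)?"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]+"),
}


def extract_iocs(data: bytes) -> dict:
    """Group IOC candidates from the sample's strings by type, deduplicated and sorted."""
    iocs = {kind: set() for kind in IOC_PATTERNS}
    for s in extract_strings(data):
        for kind, pat in IOC_PATTERNS.items():
            iocs[kind].update(pat.findall(s))
    return {kind: sorted(vals) for kind, vals in iocs.items()}
```

Run it on a real sample only inside the isolated VM from Step 1, and record the hashes alongside the IOCs so later dynamic-analysis findings can be tied back to the exact file.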