Transcript

Module 14: malware forensics

LEARNING OBJECTIVES

The learning objectives of this module are to:

LO#01: define malware and identify the common techniques attackers use to spread malware

LO#02: understand malware forensics fundamentals and recognize types of malware analysis

LO#03: understand and perform static analysis of malware

LO#04: analyze suspicious Word and PDF documents

LO#05: understand dynamic malware analysis fundamentals and approaches

LO#06: analyze malware behavior on system properties in real-time

LO#07: analyze malware behavior on network in real-time

LO#08: describe fileless malware attacks and how they happen

LO#09: perform fileless malware analysis - Emotet

Learning Objective

define malware and identify the common techniques attackers use to spread malware

introduction to malware

components of malware

common techniques attackers use to distribute malware across web

understand malware forensics fundamentals and recognize types of malware analysis

introduction to malware forensics

why analyze malware ?

malware analysis challenges

identifying and extracting malware

preparing testbed for malware analysis

supporting tools for malware analysis

general rules for malware analysis

documentation before analysis

types of malware analysis

understand and perform static analysis of malware

malware analysis: static

static malware analysis: file fingerprinting

static malware analysis: online malware scanning

online malware analysis services

static malware analysis: performing strings search

static malware analysis: identifying packing/obfuscation methods

static malware analysis: finding the portable executables (PE) information

analyzing portable executable file using pestudio

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

analyzing portable executable file using pestudio (cont'd)

static malware analysis: identifying file dependencies

static malware analysis: malware disassembly

malware analysis tool: ida pro

analyze suspicious Word and PDF documents

analyze suspicious ms office document

analyze suspicious ms office document (cont'd)

analyze suspicious ms office document (cont'd)

analyze suspicious ms office document (cont'd)

analyze suspicious ms office document (cont'd)

analyze suspicious ms office document (cont'd)

analyze suspicious ms office document (cont'd)

analyzing suspicious pdf document

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

analyzing suspicious pdf document (cont'd)

understand dynamic malware analysis fundamentals and approaches

malware analysis: dynamic

malware analysis: pre-execution preparation

monitoring host integrity

monitoring host integrity using WhatChanged Portable

observing runtime behavior

analyze malware behavior on system properties in real-time

system behavior analysis: monitoring registry artifacts

windows autostart registry keys

analyzing windows autostart registry keys

system behavior analysis: monitoring processes

system behavior analysis: monitoring services

system behavior analysis: monitoring startup programs

startup programs monitoring tool: autoruns for windows

system behavior analysis: monitoring windows event logs

key event ids to monitor

examining windows event logs

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

examining windows event logs (cont'd)

system behavior analysis: monitoring api calls

system behavior analysis: monitoring api calls (cont'd)

system behavior analysis: monitoring api calls (cont'd)

system behavior analysis: monitoring device drivers

device drivers monitoring tool: driverview

system behavior analysis: monitoring files and folders

file and folder monitoring tool: pa file sight

file and folder integrity checkers: FastSum and WinMD5

analyze malware behavior on network in real-time

network behavior analysis: monitoring network activities

monitoring ip addresses

network behavior analysis: monitoring port

examining open ports

port monitoring tools: tcpview and currports

network behavior analysis: monitoring dns

examining dns entries

dns monitoring tool: dnsquerysniffer

describe fileless malware attacks and how they happen

introduction to fileless malware

infection chain of fileless malware

how fileless attack works via memory exploits

how fileless attack works via memory exploits (cont'd)

how fileless attack works via memory exploits (cont'd)

how fileless attack works via memory exploits (cont'd)

how fileless attack happens via website

how fileless attack happens via documents

perform fileless malware analysis - Emotet

fileless malware analysis: Emotet

emotet malware analysis

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis (cont'd)

emotet malware analysis: timeline of the infection chain

module summary
