Skip to content

marcusbotacin/Malware.Reverse.Intro

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
GDB
GDB
 
 
Parte1
Parte1
 
 
Parte2
Parte2
 
 
SBSEG
SBSEG
 
 
SHook
SHook
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cancoes.de.ninar.zip
cancoes.de.ninar.zip
 
 

Repository files navigation

Malware Reverse Engineering Introduction

  • Get the book chapter here
  • Real Malware samples for didactic purposes: cancoes de ninar.zip (ask for the password)

Content

  • File Identification
  • Strings Identification (with regex)
  • Disassembly (objdump)
  • Packing (UPX)
  • Compilation approaches (dynamic libs, static compilation, blobs)
  • Dynamic Analysis (strace, ltrace)
  • Developing a Tracing Solution (ptrace)
  • Modularity Approaches (Forking)
  • Anti-analysis Approaches (ptrace detection)
  • Binary Patching
  • Rootkits (LDPRELOAD)
  • Networking (Iptables)
  • Filesystem Monitoring (Inotify)
  • Logging (syslog, audit)

Part 1

  • Basic concepts and examples
  • 2 hours
  • Federal University of Paraná (2017)
  • University of Campinas (2018)

Part 2

  • Protection, Anti-Analysis, Behaviors
  • 2 hours
  • University of Campinas (2018)

GDB

  • Extra Material for GDB Debugging
  • Manual Entry Point Identification
  • Automated on RevEngE Check Here

SBSEG

  • Short Course in the XIX SBSEG (Brazilian Security Symposium)
  • 4 hours

SHook

About

Course Material

Resources

Readme

License

MIT license
Activity

Stars

21 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages