Malware Analysis
4. Basic Dynamic Analysis
  4.1. Observing Malware in Action
    4.1.1. Goals and Safety Precautions
    4.1.2. Controlled Environment Setup
  4.2. Sandboxing
    4.2.1. Automated Sandbox Systems
      4.2.1.1. Cuckoo Sandbox
      4.2.1.2. Joe Sandbox
      4.2.1.3. Any.run
      4.2.1.4. Features and Limitations
    4.2.2. Manual Analysis in a VM
      4.2.2.1. Setting Up the Environment
      4.2.2.2. Baseline Creation
      4.2.2.3. Execution Monitoring
  4.3. Monitoring System Changes
    4.3.1. Process Monitoring
      4.3.1.1. Process Creation and Termination
      4.3.1.2. Parent-Child Process Relationships
      4.3.1.3. Process Injection Detection
      4.3.1.4. Command Line Arguments
      4.3.1.5. Process Tree Analysis
    4.3.2. File System Monitoring
      4.3.2.1. File Creation, Deletion, and Modification
      4.3.2.2. Hidden and Temporary Files
      4.3.2.3. Directory Changes
      4.3.2.4. File Attribute Modifications
    4.3.3. Registry Monitoring (Windows)
      4.3.3.1. Key Creation, Deletion, and Modification
      4.3.3.2. Autostart Persistence Locations
        4.3.3.2.1. Run Keys
        4.3.3.2.2. Services
        4.3.3.2.3. Scheduled Tasks
      4.3.3.3. Registry Value Changes
      4.3.3.4. Registry Hive Modifications
  4.4. Monitoring Network Behavior
    4.4.1. Simulating Network Services
      4.4.1.1. FakeNet-NG
      4.4.1.2. INetSim
      4.4.1.3. Custom Service Emulation
      4.4.1.4. DNS Simulation
    4.4.2. Capturing and Analyzing Network Traffic
      4.4.2.1. Packet Sniffing
        4.4.2.1.1. Wireshark
        4.4.2.1.2. tcpdump
      4.4.2.2. Identifying Protocols
        4.4.2.2.1. HTTP/HTTPS
        4.4.2.2.2. DNS
        4.4.2.2.3. SMTP
        4.4.2.2.4. FTP
      4.4.2.3. DNS Queries
        4.4.2.3.1. Domain Generation Algorithms (DGA)
        4.4.2.3.2. DNS Tunneling
      4.4.2.4. HTTP/HTTPS Traffic
        4.4.2.4.1. User-Agent Analysis
        4.4.2.4.2. POST/GET Requests
        4.4.2.4.3. SSL/TLS Analysis
      4.4.2.5. Command and Control (C2) Beaconing
        4.4.2.5.1. Beacon Intervals
        4.4.2.5.2. Communication Patterns
      4.4.2.6. Data Exfiltration Detection
        4.4.2.6.1. Large Data Transfers
        4.4.2.6.2. Unusual Protocols