Malware Analysis: 4. Basic Dynamic Analysis
Observing Malware in Action
Goals and Safety Precautions

Controlled Environment Setup
- Sandboxing
  - Automated Sandbox Systems
    - Cuckoo Sandbox
    - Joe Sandbox
    - Any.run
    - Features and Limitations
  - Manual Analysis in a VM
    - Setting Up the Environment
    - Baseline Creation
    - Execution Monitoring

Monitoring System Changes
- Process Monitoring
  - Process Creation and Termination
  - Parent-Child Process Relationships
  - Process Injection Detection
  - Command Line Arguments
  - Process Tree Analysis
- File System Monitoring
  - File Creation, Deletion, and Modification
  - Hidden and Temporary Files
  - Directory Changes
  - File Attribute Modifications
- Registry Monitoring (Windows)
  - Key Creation, Deletion, and Modification
  - Autostart Persistence Locations
    - Run Keys
    - Services
    - Scheduled Tasks
  - Registry Value Changes
  - Registry Hive Modifications

Monitoring Network Behavior
- Simulating Network Services
  - FakeNet-NG
  - INetSim
  - Custom Service Emulation
  - DNS Simulation
- Capturing and Analyzing Network Traffic
  - Packet Sniffing
    - Wireshark
    - tcpdump
  - Identifying Protocols
    - HTTP/HTTPS
    - DNS
    - SMTP
    - FTP
  - DNS Queries
    - Domain Generation Algorithms (DGA)
    - DNS Tunneling
  - HTTP/HTTPS Traffic
    - User-Agent Analysis
    - POST/GET Requests
    - SSL/TLS Analysis
  - Command and Control (C2) Beaconing
    - Beacon Intervals
    - Communication Patterns
  - Data Exfiltration Detection
    - Large Data Transfers
    - Unusual Protocols