Malware Analysis

  1. Advanced Dynamic Analysis (Debugging)
    1. Interactive Code Execution
      1. Setting Up a Debugging Environment
        1. Debugger Selection
      2. Introduction to Debugging
        1. User-Mode Debugging
          1. Application Debugging
          2. DLL Debugging
        2. Kernel-Mode Debugging
          1. Driver Debugging
          2. System-Level Analysis
      3. Using a Debugger
        1. x64dbg
          1. Interface Overview
          2. Plugin System
        2. WinDbg
          1. Command Line Interface
          2. Debugging Extensions
        3. GDB
          1. Command Line Debugging
          2. GDB Scripts
    2. Attaching to a Process
      1. Process Selection
      2. Attachment Methods
    3. Setting Breakpoints
      1. Software Breakpoints
      2. Hardware Breakpoints
      3. Conditional Breakpoints
      4. Memory Breakpoints
    4. Stepping Through Code
      1. Step Into
      2. Step Over
      3. Step Out
      4. Run to Cursor
    5. Inspecting Program State
      1. CPU Registers
        1. General Purpose Registers
        2. Special Purpose Registers
      2. Memory Dumps
        1. Stack Memory
        2. Heap Memory
      3. The Stack
        1. Stack Frame Analysis
          1. Local Variables
        2. Call Stack Analysis
          1. Function Call History
          2. Return Addresses
    6. Unpacking Malware
      1. Identifying Packed Executables
      2. Manual Unpacking Techniques
        1. Identifying the Original Entry Point (OEP)
          1. ESP Tricks
          2. Memory Breakpoints
        2. Dumping the Unpacked Code from Memory
          1. Process Dumping Tools
          2. Manual Memory Extraction
        3. Rebuilding Import Tables
          1. Import Reconstruction
          2. IAT Rebuilding