Malware Analysis

  1. Specialized Malware Analysis
    1. Document-Based Malware
      1. Malicious Macros (VBA)
        1. Macro Extraction
          1. olevba Tool
          2. Manual Extraction
        2. Macro Deobfuscation
          1. String Concatenation
          2. Variable Substitution
        3. Auto-Execution Methods
          1. AutoOpen
          2. Document_Open
      2. PDF Exploits
        1. PDF Structure Analysis
        2. Embedded Scripts
          1. JavaScript in PDFs
          2. ActionScript
        3. Exploit Techniques
          1. Buffer Overflows
          2. Use-After-Free
      3. Shellcode in Documents
        1. Shellcode Extraction
          1. Hex Dump Analysis
          2. Pattern Recognition
        2. Shellcode Analysis
          1. Disassembly Techniques
          2. Payload Identification
    2. Script-Based Malware
      1. PowerShell
        1. Script Deobfuscation
          1. Base64 Decoding
          2. String Manipulation
        2. Malicious Module Identification
          1. Empire Framework
          2. PowerSploit
        3. Execution Policy Bypass
      2. VBScript
        1. Script Analysis Techniques
          1. Variable Tracking
          2. Function Analysis
        2. WScript and CScript Execution
      3. JavaScript
        1. Obfuscation and Deobfuscation
          1. Variable Renaming
          2. String Encoding
        2. Browser-Based Attacks
        3. Node.js Malware
    3. Mobile Malware
      1. Android (APK) Analysis
        1. APK Structure
          1. AndroidManifest.xml
          2. classes.dex
          3. Resources
        2. Decompiling DEX files
          1. dex2jar
          2. jadx
          3. apktool
        3. Analyzing Android Manifests
          1. Permissions Analysis
          2. Intent Filters
          3. Components Declaration
        4. Permission Analysis
          1. Dangerous Permissions
          2. Custom Permissions
        5. Embedded Native Libraries
          1. ARM Assembly
          2. JNI Analysis
      2. iOS (IPA) Analysis
        1. IPA Structure
          1. Info.plist
          2. Binary Analysis
        2. Static Analysis Tools
          1. class-dump
          2. otool
        3. Dynamic Analysis Tools
          1. Frida
          2. Cycript
    4. Rootkit Analysis
      1. User-Mode Rootkits
        1. API Hooking
        2. DLL Injection
        3. Hooking Techniques
      2. Kernel-Mode Rootkits
        1. Driver Analysis
          1. Driver Loading
          2. SSDT Hooking
        2. Kernel Hooking
          1. Inline Hooking
          2. IRP Hooking
      3. Hooking Techniques
        1. Import Address Table (IAT) Hooking
          1. IAT Modification
          2. Function Redirection
        2. Export Address Table (EAT) Hooking
          1. Export Forwarding
        3. Inline Hooking
          1. Code Patching
          2. Trampoline Functions
    5. Ransomware Analysis
      1. Identifying Encryption Routines
        1. Symmetric Encryption
          1. AES
          2. DES
          3. RC4
        2. Asymmetric Encryption
          1. RSA
          2. ECC
      2. Analyzing Key Exchange and Management
        1. Key Generation
        2. Key Storage
          1. Registry Storage
          2. File Storage
        3. Key Transmission
          1. C2 Communication
      3. Tracing Ransom Payment Methods
        1. Cryptocurrency Wallets
          1. Bitcoin Addresses
          2. Monero Addresses
        2. Payment Infrastructure
          1. Tor Hidden Services
          2. Payment Portals