Malware Reverse Engineering Introduction

Get the book chapter here
Real Malware samples for didactic purposes: cancoes de ninar.zip (ask for the password)

Content

File Identification
Strings Identification (with regex)
Disassembly (objdump)
Packing (UPX)
Compilation approaches (dynamic libs, static compilation, blobs)
Dynamic Analysis (strace, ltrace)
Developing a Tracing Solution (ptrace)
Modularity Approaches (Forking)
Anti-analysis Approaches (ptrace detection)
Binary Patching
Rootkits (LDPRELOAD)
Networking (Iptables)
Filesystem Monitoring (Inotify)
Logging (syslog, audit)

Part 1

Basic concepts and examples
2 hours
Federal University of Paraná (2017)
University of Campinas (2018)

Part 2

Protection, Anti-Analysis, Behaviors
2 hours
University of Campinas (2018)

GDB

Extra Material for GDB Debugging
Manual Entry Point Identification
Automated on RevEngE Check Here

SBSEG

Short Course in the XIX SBSEG (Brazilian Security Symposium)
4 hours

SHook

Linux System Call Hooker implementation
Forked code from my co-author Otávio Silva's repository

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
GDB		GDB
Parte1		Parte1
Parte2		Parte2
SBSEG		SBSEG
SHook		SHook
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
cancoes.de.ninar.zip		cancoes.de.ninar.zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GDB

GDB

Parte1

Parte1

Parte2

Parte2

SBSEG

SBSEG

SHook

SHook

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

cancoes.de.ninar.zip

cancoes.de.ninar.zip

Repository files navigation

Malware Reverse Engineering Introduction

Content

Part 1

Part 2

GDB

SBSEG

SHook

About

Releases

Packages

Languages

License

marcusbotacin/Malware.Reverse.Intro

Folders and files

Latest commit

History

Repository files navigation

Malware Reverse Engineering Introduction

Content

Part 1

Part 2

GDB

SBSEG

SHook

About

Resources

License

Stars

Watchers

Forks

Languages