Hackers of India

The Mechanics of Malware’s Darkside

By Yagnesh Waran P, Laura Harris on 01 Nov 2019 @ Hackfest

Abstract

This presentation introduces the basic steps of static and dynamic analysis of malware using strings extraction, PE file-type identification, a disassembler and other tools. Diving into the dark waters of dissecting malware will allow the audience to understand how to disassemble a sample, identify key strings and processes, and track the behavioural triggers once the sample is run in a sandbox. It also highlights the limitations of static analysis and hints at the next phases of analysing obfuscated malware. From the information shared, the audience will be able to develop basic SNORT and YARA rules.
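The static-analysis steps named in the abstract (checking the PE header, pulling printable strings, turning selected strings into a draft YARA rule) as an added, self-contained Python example. This is not code from the talk or its authors: the sample buffer is constructed inline to stand in for a file under analysis, the indicator patterns and the list of notable API names are illustrative assumptions, and the emitted YARA rule is a draft an analyst would review and tighten before deploying.

```python
"""Minimal static triage of a binary blob: PE check, strings pass, draft YARA rule."""
import re
import struct

# Constructed sample standing in for a file under analysis (not a real binary):
# a DOS header whose e_lfanew points at a "PE\0\0" signature, followed by a few
# embedded strings of the kind a strings pass would surface.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 56          # DOS header up to e_lfanew (offset 0x3C)
    + struct.pack("<I", 0x80)             # e_lfanew -> PE signature at offset 0x80
    + b"\x00" * (0x80 - 0x40)
    + b"PE\x00\x00" + b"\x00" * 20        # PE signature plus padding
    + b"http://example.invalid/update.bin\x00"
    + b"Software\\Example\\Run\x00"
    + b"\x01\x02\x03ab\x00"               # "ab" is shorter than min_len, not reported
    + b"CreateRemoteThread\x00"
)

def is_pe(data: bytes) -> bool:
    """True if data starts with MZ and e_lfanew lands on a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, encoding, text) for printable ASCII and UTF-16LE runs,
    ordered by offset; roughly what `strings -a` and `strings -el` report."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_run.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_run.finditer(data):
        found.append((m.start(), "wide", m.group().decode("utf-16-le")))
    return sorted(found)

# Heuristics for strings worth keeping as indicators (assumption: an analyst
# would tune these per sample). URLs and registry paths by pattern, plus an
# illustrative, non-exhaustive set of API names that often merit a closer look.
INDICATOR_PATTERNS = [
    re.compile(r"^https?://", re.I),
    re.compile(r"^(HKLM|HKCU|HKEY_|Software)\\", re.I),
]
NOTABLE_APIS = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"}

def select_indicators(strings):
    """Keep strings that match an indicator pattern or a notable API name, deduplicated."""
    chosen = []
    for s in strings:
        if (s in NOTABLE_APIS or any(p.search(s) for p in INDICATOR_PATTERNS)) and s not in chosen:
            chosen.append(s)
    return chosen

def yara_escape(s: str) -> str:
    """Escape a string for use inside a YARA double-quoted text string."""
    out = s.replace("\\", "\\\\").replace('"', '\\"')
    return out.replace("\t", "\\t").replace("\n", "\\n")

def build_yara_rule(rule_name: str, indicators) -> str:
    """Emit a draft YARA rule: MZ magic at offset 0 plus some of the indicator strings."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", rule_name):
        raise ValueError("rule name must be a valid YARA identifier")
    indicators = list(indicators)
    if not indicators:
        raise ValueError("at least one indicator string is required")
    lines = [f"rule {rule_name}", "{", "    meta:",
             '        description = "draft rule from extracted strings; review before use"',
             "    strings:"]
    for i, s in enumerate(indicators):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii wide')
    needed = min(2, len(indicators))  # a single-string rule cannot require "2 of"
    lines += ["    condition:",
              f"        uint16(0) == 0x5A4D and {needed} of ($s*)",
              "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print("PE header present:", is_pe(SAMPLE))
    found = extract_strings(SAMPLE)
    for off, enc, text in found:
        print(f"0x{off:06x} {enc:5} {text}")
    print(build_yara_rule("constructed_sample", select_indicators(t for _, _, t in found)))
```

The condition anchors on the MZ magic so the rule does not fire on arbitrary text files that happen to contain one of the strings, and requiring two of the strings rather than one is the usual first step against false positives; a real rule would add file size bounds and, where the strings are generic, replace them with more specific artefacts found during analysis.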

AI Generated Summary (may contain errors)

The speaker discusses the importance of collaboration in the cybersecurity community to stay up to date with antivirus direction and threat groups. They share their experience using VirusTotal, a service that provides extensive details about a submitted sample, including its MD5 hash, submission date and behaviour indicators. The speaker also demonstrates the use of Wireshark, a network protocol analyser, to capture and analyse malware traffic.

The demo shows how to execute a simple malware, capture its traffic using FakeNet, and analyze it using Wireshark. The speaker filters the traffic by DNS protocol and HTTP to identify the domains and URLs being communicated with. They also demonstrate how to export objects from the HTTP traffic, which can help in analyzing malware that downloads executables over HTTP.

The speaker highlights the importance of a community-driven approach to cybersecurity, where researchers and vendors share their resources and knowledge to stay ahead of threats. They also mention that some tools, like VirusTotal, require a paid version for advanced features, such as accessing the community tab.

Overall, the speaker emphasizes the need for collaboration and the use of specialized tools to analyze and understand malware behavior, ultimately helping to improve cybersecurity defenses.