Malware Analysis: Identifying and Defeating Code Obfuscation

Focused View

Josh Stroschein

2:22:30

18 View

00. Course Overview

00. Course Overview.mp4

01:57

01. How Obfuscation Affects Your Analysis

00. Module Introduction.mp4

00:48

01. Understanding Code Obfuscation.mp4

03:01

02. How Obfuscation Impacts Analysis.mp4

07:19

03. What You Should Know.mp4

03:30

04. Conclusion.mp4

00:48

02. Detecting and Defeating Code Obfuscation in Interpreted Code

00. Module Introduction.mp4

00:50

01. Prevalent Obfuscation Techniques.mp4

04:21

02. Obfuscation in Visual Basic for Applications (VBA).mp4

08:40

03. Demo - Defeating VBA Obfuscation.mp4

08:32

04. Obfuscation in PowerShell.mp4

02:25

05. Demo - Defeating PowerShell Obfuscation.mp4

06:59

06. Lab - Performing Comprehensive Analysis.mp4

06:34

07. Conclusion.mp4

01:24

03. Detecting and Defeating String Obfuscation in Native Code

00. Module Introduction.mp4

00:38

01. Differences from Interpreted Code.mp4

03:53

02. String Obfuscation.mp4

05:28

03. Demo - Identifying String Obfuscation.mp4

07:10

04. Lab - Defeating String Obfuscation.mp4

08:55

05. Conclusion.mp4

00:50

04. Detecting and Defeating Function Obfuscation in Native Code

00. Module Introduction.mp4

00:55

01. Constructing an Import Table.mp4

01:46

02. Walking the PEB, Parsing a PE.mp4

08:57

03. Demo - Dynamic API Resolution.mp4

07:49

04. Lab - Tracing Import Table Construction.mp4

08:42

05. Conclusion.mp4

00:40

05. Identifying Malware Use of Cryptography

00. Module Introduction.mp4

00:36

01. Purpose of Cryptography in Malware.mp4

07:00

02. Tools to Help Identify Use of Cryptography .mp4

04:01

03. Demo - Finding Cryptography.mp4

08:22

04. Lab - Analyzing Malware That Uses Cryptography.mp4

04:37

05. Conclusion.mp4

00:43

06. Leveling up Your Skills

00. Module Introduction.mp4

00:23

01. What You Learned.mp4

02:08

02. Leveling up Your Skills.mp4

01:30

03. Conclusion.mp4

00:19

Description

Malware authors routinely utilize obfuscation techniques to complicate the analysis of their code. This course will teach you techniques for identifying and defeating code obfuscation so that key characteristics and behaviors can be identified.

What You'll Learn?

Malware authors will routinely utilize obfuscation techniques to complicate the analysis of their code. These techniques can prevent the discovery of important indicators of compromise and limit the ability to determine malware functionality. In this course, Malware Analysis: Identifying and Defeating Code Obfuscation, you will gain the skills necessary to not only identify prevalent obfuscation techniques, but also how to effectively defeat them. First, you will see how obfuscation will affect your analysis and effective strategies for defeating a variety of obfuscation methods. Next, you will explore how to identify and detect obfuscation techniques in interpreted code. This includes software routinely abused by malware authors such as Powershell and Visual Basic for Applications. You will next be able to expand your skills by learning about code obfuscation in native code. Finally, you will discover how malware authors use cryptography for obfuscation and ways to detect it. Each module of this course will include detailed demonstrations and hands-on labs that will allow you to analyze real-world malware. You will be going deep into malware obfuscation techniques with such tools as IDA Pro and WinDbg. By the end of this course, you will have the knowledge and skills to effectively tackle obfuscation!

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Ethical Hacking

Penetration Testing

Josh Stroschein

Instructor's Courses

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.