-
June 21st, 2008, 03:25 PM
#1
Junior Member
Malware Analysis - Top 3 Tools & Techniques Every Whitehat Hacker Should Know About!
I wrote an article for an ezine, not published yet. It is only 300 words, so I thought I might as well post it here for the kind members of AntiOnline. It's no advanced paper or anything, just a simple guide, so no flaming please, I'm a beginner myself.
Malware Analysis - Top 3 Tools & Techniques Every Whitehat Hacker Should Know About!!
In this article you will learn the top 3 techniques along with the top 3 tools needed to analyze and dissect malware successfully.
“Malware”
What is Malware? Well, Malware is coined from the two words malicious and software. Malware refers to Spyware, Trojans, Bots, Viruses, Hijackers and other pieces of software with malicious intent.
Some prerequisites: make sure you can program in C and understand C at a deep level. Another thing which is key is Assembly. Make sure you know the assembly architecture for the system you're trying to reverse engineer under.
VMware, an excellent tool, allows you to run multiple operating systems on one computer through a virtual interface. You can install Windows XP on the virtual computer and then run the malicious code on that virtual machine. This will provide you with safety from the malware and it also means cutting costs, as you won't have to sacrifice a computer for the analysis.
OllyDbg, a superb assembly level debugger, can analyze binary code on the fly, which is excellent especially when the source code is not available. When doing malware analysis the source code is almost never available. This tool will help you work out how the malware works and what it does.
Wireshark, the best network traffic analyzer in my opinion. Malicious programs almost always cause some sort of network traffic and you want to be able to decode what this traffic is. It might be a password being sent to an IRC server to join a channel, it might even be that text file you stored on your desktop as passwords.txt. Have your network analyzer set up before you run the malicious code; that way you won't miss a single packet.
With these 3 tools and techniques you should now be able to successfully dissect the malware, understand what it does and be able to protect your system from it.
================================
Author (c) Billy – All rights reserved
================================
http://www.softhardware.co.uk
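As an added example (not part of the original post or the author's article), here is a small Python script that stands in for the Wireshark step: it parses constructed Ethernet/IPv4/TCP frames and flags the two kinds of outbound traffic the article warns about, IRC commands sent to a server and a transfer that names passwords.txt. The sandbox VM address, the remote address and the payloads are constructed sample data, not a real capture.

```python
import struct

# Constructed sample traffic, assumed for this example (no real capture is used).
SANDBOX_IP = "192.168.56.10"   # the analysis VM
IRC_CMDS = (b"NICK ", b"USER ", b"JOIN ", b"PASS ", b"PRIVMSG ")

def build_frame(src_ip, dst_ip, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (no checksums; enough for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"                 # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return src/dst addresses, ports and TCP payload, or None for non-IPv4/TCP frames."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4         # TCP header length in bytes
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "payload": frame[tcp_off + data_off:]}

def find_suspicious(frames, sandbox_ip):
    """Flag outbound IRC commands and any outbound payload naming passwords.txt."""
    findings = []
    for frame in frames:
        p = parse_frame(frame)
        if p is None or p["src"] != sandbox_ip:
            continue                                  # only traffic leaving the sandbox VM
        for line in p["payload"].split(b"\r\n"):
            if line.startswith(IRC_CMDS):
                findings.append(("irc-command", p["dst"], p["dport"], line.decode(errors="replace")))
        if b"passwords.txt" in p["payload"]:
            findings.append(("file-exfil", p["dst"], p["dport"], "passwords.txt"))
    return findings

SAMPLE_FRAMES = [  # constructed: bot joins a channel, server replies, then an HTTP upload
    build_frame(SANDBOX_IP, "203.0.113.7", 6667,
                b"NICK bot1234\r\nUSER bot 0 * :bot\r\nJOIN #ctrl secret\r\n"),
    build_frame("203.0.113.7", SANDBOX_IP, 49152, b":irc 001 bot1234 :Welcome\r\n"),
    build_frame(SANDBOX_IP, "203.0.113.7", 80,
                b"POST /up HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\nname=passwords.txt&data=hunter2"),
]
```

Running `find_suspicious(SAMPLE_FRAMES, SANDBOX_IP)` yields three IRC findings (NICK, USER, JOIN) and one file-exfil finding; the inbound server reply is ignored.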
-
June 21st, 2008, 07:31 PM
#2
As I understand it,
it is three parts:
1) do analysis of malware in the virtual environment
Wiki: http://en.wikipedia.org/wiki/Virtual_machine
2) debugging and monitoring of running processes
http://en.wikipedia.org/wiki/Debugger
3) network sniffing
http://en.wikipedia.org/wiki/Packet_sniffer
There is a lot of other software that can be used,
such as disk imaging software, disassemblers, intrusion prevention software.
Use heuristic analysis and intrusion prevention software to protect and test protection against different kinds of malware.
-
June 21st, 2008, 07:51 PM
#3
Junior Member
http://www.softhardware.co.uk