Required Programming Concepts To Learn For Malware Analysts

You need to learn how to program to advance your malware analysis skills, but you may not know where to start. This post outlines which aspects of programming have a direct and immediate impact on your ability to reverse engineer malware, so that you don't waste time on concepts with very little return on investment. If you don't know which programming languages you should learn, see our previous post that answers that question, "Best Programming Languages To Learn For Malware Analysis".

Best Programming Languages To Learn For Malware Analysis

Learning to program is necessary to advance your malware analysis skills, but there are dozens of languages and it's hard to know where to start. This post details the fundamental programming languages you should focus on, along with the reasons why, so you can start your malware reverse engineering education.

Resources For Learning Malware Analysis

NOTE: This article may be updated as new resources are identified.

Reverse engineering is a broad field with many niche specialities. There is a lot of information out there to help you get started, but it is often hard to find. This article provides a list of resources you can use to build your malware analysis skills. It does not attempt to list every resource available, but focuses on just a few references in each category so you don't get overwhelmed with redundant choices.

The Deep Dive Malware Analysis Approach

Today, we will review the primary approaches to malware analysis. Each approach is discussed and compared to the others to understand when you should use each method and why. We will show why the deep dive analysis approach is generally the most effective and spend most of our time discussing this methodology. You should come away knowing how to apply the deep dive analysis strategy to any file, along with tips on how to learn this skill even if you have limited training time.

Helpful Configurations For Ghidra

These settings are current for Ghidra version 10.0.3.

Ghidra is a free, open-source disassembler that allows you to inspect binaries at the assembly level to determine their functionality. A disassembler is an essential tool in any malware reverse engineer's toolbox. IDA Pro is the industry standard disassembler, but it is very expensive, which makes it infeasible for most analysts trying to break into the field. Ghidra is a powerful tool that is great for starting out before you want to invest in IDA Pro. The only downside is that many of the default user interface options in Ghidra are less than optimal. We will discuss a few tool settings to change that make the user interface significantly better.

How To Build A Malware Analysis Lab

Reverse engineering (RE) malware requires a dedicated lab to ensure your production environment doesn't get infected. This can be accomplished with dedicated computers on an air-gapped network or, more commonly, through the use of virtual machines (VMs). We will discuss how to set up a dedicated malware analysis lab using virtual machines and only free tools.