shizz3r IT tech blog

  Hi again Obviously, today's topic is about advanced dynamic analysis again since I'm still in the same chapter as earlier. But each subsequent task should be harder and I hope that I will learn something new during today's analysis process. So now, let's "jump into catacombs". 

Welcome! Firstly, I have to tell you that the name of the chapter that I'm gonna present to you is confusing. I will not use OllyDbg to solve the exercises since Immunity Debugger is my choice. ImmDbg has a better UI than OllyDbg because it has a dark scheme which is an important configuration for me. Beside it, Immunity Debugger is the same as OllyDbg, therefore, my decision was made because of the impressions of the dark scheme UI. :)  I'm happy that I can use a debugger since it's very useful in case of examining the complex code dynamically. Now I can simply run a debugger on the marked section of the executable code and look at the registers and memory dump - based on this information it's relatively easy to tell what an exemplary complex code really does. After the introduction, let's move on to the malware analysis of the first malicious program from the exercises.

Hello! I have to tell you that this chapter was the best that I've read since the beginning of the book. The information and tricks presented in this part of the amazing lecture made me happy. I'm sure that the labs will be as exciting as the whole chapter and I'm looking forward to solving them. As the title suggests, "Analyzing malicious Windows programs" chapter is all about the Windows OS internals useful primarily for the malware writers and thus for malware analysts too. Without further ado, I bring to you my solutions for the labs. Enjoy!

Hi there! The topic of the labs is fascinating. Recognizing C code constructs in Assembly is useful in malware analysis without any doubt. Therefore I am not going to use Ghidra disassembler since I would like to improve my skills in reading Assembly code, but in the real scenario, I would probably use Ghidra + IDA stack to analyze exemplary malware more quickly. Now I'm inviting you to deep into different malware examples and maybe learn something new with me. As we all know, the best way to learn something is to do this through fun, so I wish you a lot of fun while the malware analysis process just before we start. :)

Hello everyone! Finally, the time has come to improve our malware analysis process with  advanced static analysis  techniques. This type of investigating malicious programs contains reverse engineering of the suspected binaries and for now on we will be able to dig deeper into analyzed malware. I must admit that I missed this aspect before and now I feel free. I'm sure that from this moment malware analysis process will be more interesting as well as challenging. Without further ado, I bring to you my solutions of the advanced static analysis lab done using reverse engineering tool called IDA. So as always I invite you to read my solutions of tasks and wish you have fun while learning new things!

Hello everyone! This time I'm gonna show you how I've solved tasks from  the Basic Dynamic Analysis  chapter. Obviously, these labs are provided by "Practical Malware Analysis" book written by Michael Sikorski and Andrew Honig. Basic dynamic analysis is a good second step in the whole process of researching malware. Basic dynamic analysis techniques can confirm the supposition of what malicious program really does. Of course, this type of examining malware isn't enough to get the whole knowledge about the structure of a malware. I'll describe more techniques as the book advances. Now I invite you to read my solutions and I hope that you'll learn something with me. :) Tools that I use in basic dynamic analysis: Process Monitor, Process Explorer, Regshot, ApateDNS, INetSim, Wireshark. I described them here ->  https://shizz3r.blogspot.com/2020/06/beginning-of-malware-analysis-adventure_19.html

Hello there Finally, the time has come for sharing my solutions to exercises from the excellent book mentioned in the topic of this post. The first chapter states for "Basic static analysis" . This type of malware analysis should be the first to do in the whole process and I think this is also the easiest part of the process. I've decided to simply describe each solution for each lab without any additions before. I'm going to explain everything that I'm doing inside the solution. I hope that this way will be helpful for me and other beginners who are interested in examined malicious programs. Now, I'm inviting you to read my solutions and maybe learn new things with me. :)

Hi all! After dealing with creating a safe environment to analyze malware it's time to introduce tools that are useful for me. I think that most of them are recommended by authors in the book "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software". This lecture is the foundation of my learning way to become good at malware analysis. Firstly, I can show you most of them on the desktop of my main machine: Some tools are good for static analysis of malware and the others are for dynamic analysis. Static analysis is simply exploring a malicious program without running it so it can be done even on the host machine but there is no reason to do it. In dynamic analysis, malware has to run in order to catch important information about our "enemy".

Hello everyone! It was a long time without blogging. I had to learn for a very important test to get into university but now I have some free time, fortunately. About a month ago I decided to get more into malware analysis and found an excellent book to get started, named "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" ( Practical Malware Analysis book ). It's so good for me because of the exercises after each chapter. I think that I can learn malware analysis step by step this way and in my opinion, it will be so much fun. I have to add that this book is from 2012 but I didn't find a better position to learn this kind of "hacking". First of all creating lab for analyzing malware properly and safely is very important. Authors of this book wrote about this thing but I did it on my own. Obviously, I had to read about this kind of stuff. I used several sources to give myself a chance to get a better understanding of the top...