Jump to content
Tuts 4 You

Course about reversing malware


Aldhard Oswine

Recommended Posts

Hmm...

Guess what you need actually is a book to fulfill your hunger :D

Well, you really wanna become a pro... Here you are:

https://technet.microsoft.com/en-us/sysinternals/bb963901.aspx

(BTW, there are courses about Windows Internals in pluralsight too)

This is your first step to get wet in kernel stuff, don't forget to be proficient in C and C++ too... And yeah, IDA pro too.

 

Then, really don't just continue reading and reading... Start reversing any malware you find.

  • Like 1
Link to comment

Hi @Aldhard Oswine ,

Are you looking for free courses or ar eyou ok even if they are paid courses ? If ok with paid, what is your budget ?

Are you planning to do this as a hobby or are you considering taking this up as a profession later in your life ?

Do you prefer books or video tutorials ?

Once you answer these questions we would be in a position to guide you much better.

Good luck :)

EDIT:

Just wanted to add a few thoughts of my own as well.

I'd worked as a Malware Analyst for many years in my younger days, before deciding to setup a company of my own (though not a malware analysis-related company).

I was an "Armchair Reverser" prior to that - I did tons of reading but very little actual practical work. I can say that the only real learning started only when I joined a company and started working together with the other analysts, asking questions and actually doing the stuff.

I think the saying in the pic below sums up what I am trying to say :)

66d1b39d8beab9e73603.jpg

 

Edited by Techlord
  • Like 2
Link to comment
Aldhard Oswine

Thank you @Techlord
Yes, I know the value of practice, but we need help to get the right direction.

It does not matter if it's free or paid, book or video if it's good, please send me a link. I like getting information about the same concept from different sources.

I want to be a professional malware analyst.

I've already read/watched Practical Malware Analysis, RE4B, GREM from SANS, ARES from eLearnSecurity and several papers about ant-debug/analysis etc.

I want to get Intern at some AV company, but I don't know where to start.

Thank you, again.


 

  • Like 1
Link to comment

Since you already watch expensive stuff like SANS, you just need more practice... Where?

I think this will serve as a good way:

https://youtu.be/VI9avdsmIwY

Take EVERYDAY some samples from that channel (thx Xylibox) start working on it and finalize it, then see its video to see how far you got ;)

BTW... It's really a great idea that during practicing you need to check and strengthen your arsenals too:

C How to program (great book) includes both C and C++.

  • Like 2
Link to comment
null_endian

OSwine if all that is true that you've read PMA, and those other courses and books... You shouldn't need any more guidance at all. Of course you won't know it all, but honestly, Practical Malware Analysis alone, if you truly comprehend what you're reading coupled with x86-64 assembly knowledge, and C programming knowledge, has you well on your way. I also recommend Practical Reverse Engineering and you may also want to grab a book on WireShark.

I don't think you understand what you already know, assuming you paid attention and actually learned all that stuff/worked thru all the labs, is very valuable. The thing is, 99% of malware isn't NSA super secret crazy stuff... Much of it is social engineering and pretty basic stuff that you can pick up and classify off of basic dynamic analysis and occasionally you open up a disassembler and OllyDbg when you need to learn more.

The guys above who told you to drop the books and get busy are right. By all means, continuing education is fantastic however, you've done the education part as much as you need right now. Go to Vxvault or some other place, pick up some wild malware, and start analyzing it. When you hit a wall, ask here or go to YouTube and search malware analysis videos. As far as getting a job, that's all you even need to do. Analyze malware, document your findings, write a report, and move on... Keep doing this and publish your work, then submit it when you apply for an internship and bam there you go. This is not a field where you need to be spending thousands of dollars on training and frankly, many of the best people don't even respect that "Training" anyway because places like SANS can be a real rip-off.

Edited by null_endian
  • Like 1
Link to comment

@Aldhard Oswine :

Since you say that you have already studied all the courses and also that you want to a Professional Malware Analyst, I would like to share a few thoughts regarding this :

In any major discipline, like Engineering or Medicine for example, there is only so far that you can go without mentorship and/or guidance from a HUMAN teacher. In other words, books and videos are all very great and you can learn a lot from them, especially if you are dedication and disciplined.

But you'd find that the learning reaches a sort of plateau and you cannot go any further on your own.

That is when you would need a human who knows significantly more than you, in your selected discipline - in this case Malware Analysis to mentor you.

You would need that person(s) to actually assess what you are doing right or wrong, and then further strengthen your strong points while getting rid of your weaknesses if possible.

You can rarely see anyone learn Software Engineering etc ENTIRELY by themselves without ANY human advising and/or teaching them. That is why I'd advise you to not only start DOING practical analysis on your own, but also to get your work assessed and advised upon so that you can further your learning.

One of the best ways to achieve that is to join as a Junior Employee in any good Anti-Virus or such software company that specializes in Malware Analysis. When you start doing the analysis side-by-side wit the experts, thats when you start to learn a LOT. Believe me, its far better than wasting your money on courses - especially since you'd already mentioned that you went through all those books and material.

Joining as an intern is not terribly easy and many ask that you should be a student to be eligible for it ( not sure about your country). Further, it sbetter to join as a employee and get paid something rather than join as an intern, especially if you have some grounding.

If its NOT possible to join any company, then you should consider STRUCTURED LEARNING in an institution - ususally the courses go by the names of Software Security or something like that. Some universities do offer specialized courses in Malware Analysis though in a majority of cases, it forms just a part of a Software Security curriculum.

Tl;Dr :

Simply ensure that you get hold of some human who knows significantly more about this subject than you. Then start doing the practical stuff and get it assessed/commented upon by that person. If possible, try to join an AV Company as even a low paid employee to get hands-on experience.

Good luck :)

 

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...