Deobfuscations, disassembly, shellcode analysis and beyond
What you'll learn
- Writing Python deobfuscation tools for AutoIt scripts.
- Crafting efficient regular expressions to reduce tens of thousands of lines of obfuscated code down to manageable hundreds.
- Basic functional programming concepts, to help us write elegant and cleaner code.
- In-depth shellcode analysis, including extracting and reproducing find-by-hash function resolution algorithms.
- Multiple in-the-wild techniques for bypassing anti-viruses.
- Discovering a cryptanalysis flaw, and use it to recover an encrypted payload.
- Basic steganography tricks.
- Reverse engineering a couple of process injection techniques, known and unknown ones.
- In-depth Metasploit shellcode deobfuscation and reversing.
- Windows 8.1 virtual machine
- Install all the analysis tools
- The will to learn
This course is logically designed to guide students gradually through some of the complicated parts of static and dynamic analysis of real-world malware. Instead of covering the topic broadly on the surface, we will take all the ramifications presented to us by the sample and use them as opportunities to deep dive and learn.
During our investigations we will cover a lot of adjacent topics. We will write Python deobfuscation scripts, embed assembly algorithms into C++ libraries, analyse steganography tricks and encryption flaws and many many more.
The course is very practical and exercises have been designed and tested for an updated Windows 8.1 operating system. There are no pre-requisites for this class other that a Windows virtual machine and the will to learn. All the 3rd party tools discussed are freely available online. Familiarity with Python and C/C++ is beneficial because these two are heavily used throughout the modules.
- To get the most out of this course, I recommend doing all the assignments.
- All the 6 practical assignments can be solved using information from the course.
- There are no solutions provided, because I believe we learn best by doing.
- I'm asking each student to send in their solutions to all the exercises at the end of the course.
- If you stumble or have any questions, I'm more than happy to help anytime. Reach out directly or via the Q&A section.
- Feel free to discuss the assignments with other students in the Q&A section, but please don't post the solutions or answers online.
- Security testers
- Malware analysts
- Forensics investigators
- System administrators
- Information security students
- rested in information security in general and reverse engineering in particular