Happy New Year! As part of the new year, let’s make an effort to make your defensive posture better, especially through quicker and more effective malware analysis! A few years ago I created a sample malware analysis sandbox script to use for the analysis and reverse engineering that I performed on a daily basis. Let’s …
A Walkthrough for FLARE RE Challenges

The FireEye Labs Advanced Reverse Engineering (FLARE) challenge was causing a bit of a buzz when it was announced and launched in early July. It read like a recruitment campaign for a new division within FireEye, but still a fun challenge to partake in. The challenge started … and I was on-site at a client …
Malware with No Strings Attached Part 2 – Static Analysis

In the previous post I showed some dynamic analysis procedures for a variant of a trojan known to Symantec as Coreflood. Based on the dynamic analysis, we discovered that the analyzed sample contained very few strings of use. It decrypted an embedded executable, which was injected into memory for execution. It dropped an encrypted file to …
Malware with No Strings Attached Part 1 – Dynamic Analysis

I had the honor of lecturing for Champlain College’s graduate-level Malware Analysis course this week. One of the aspects of the lecture was showing off dynamic analysis with my Noriben script and some of the indicators I would look for when running malware. While every malware site under the sun can tell you how …
Malware Analysis: The State of Java Reversing Tools

In the world of incident response and malware analysis, Java has always been a known constant. While many malware analysts are monitoring more complex malware applications in various languages, Java is still the language of love for drive-by attacks on common end-users. It is usually with certainty that any home user infection with malware such …