Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis!
My gift to you all. Thank you 💜 Husky

🔬 Practical Malware Analysis & Triage: 5+ Hours, YouTube Release
This is the first 5+ hours of PMAT, which is my course that is available on TCM Security Academy. The full course is 9 hours of high quality videos, practical labs, and challenges to learn the art and science of malware analysis.

📝 FULL COURSE: https://bit.ly/tcm-pmat-affil
If you use my affiliate link above to purchase the course, I receive more of the revenue for the course. Thanks for supporting me as a content creator!

📡 Course Discord
Head on over to the HuskyPack for access to the course server! Use the link below to join the server. Please read the rules carefully. Once you have joined and accepted the rules, head to the role channel and select the PMAT-student role to get access to the PMAT channels.
Link: / discord
Please note: you will have to wait at least 10 minutes before you can send any messages in the server. This is to guard against bot invasions!

📝 MY BLOG: https://notes.huskyhacks.dev
🐦 TWITTER: / huskyhacksmk
👾 GITHUB: https://github.com/HuskyHacks

--------------------
Timestamps
00:00-05:55 - Intro & Whoami
05:55-08:26 - Download VirtualBox
08:26-10:26 - Download Windows 10
10:26-18:44 - Set Up Windows 10 VM
18:44-19:55 - Download REMnux
19:55-23:36 - Import REMnux
23:36-30:55 - Download and Install FLAREVM
30:55-38:22 - Set up the Analysis Network
38:22-51:38 - Set up INetSim
51:38-55:39 - Course Lab Repo & Lab Orientation
55:39-57:07 - Snapshot Before First Detonation
57:07-1:03:06 - First Detonation
1:03:06-1:08:12 - Tool Troubleshooting
1:08:12-1:22:27 - Safety Always! Malware Handling & Safe Sourcing
1:22:27-2:13:20 - Basic Static Analysis
2:13:20-3:38:53 - Basic Dynamic Analysis
3:38:53-3:40:52 - INTERMISSION!
3:40:52-4:00:58 - Challenge 1 SillyPutty Intro & Walkthrough
4:00:58-4:58:07 - Advanced Static Analysis
4:58:07-5:28:56 - Advanced Dynamic Analysis
5:28:56-5:50:52 - Challenge 2 SikoMode Intro & Walkthrough
5:50:52-5:52:42 - Outro, Thank You!

-------------------
Errata & Course Notes

📺 Downloading Windows 10
Update 5/25/22: The Microsoft Eval Center was down for most of the month of May, but it is back! You can find the Windows 10 image for this course here: https://www.microsoft.com/en-us/evalc...
The website looks different than how it appears in the course video, but the ISO is now available there. Select the 64-bit image.

📺 Installing REMnux
Around the 21:33 mark of the video, I start issuing commands to install the VirtualBox VM Tools on REMnux. In newer distros of REMnux, the VM Tools are installed automatically! So you may not have to issue the CD-ROM mount commands and run the auto-installer script. Check if your VM Tools are installed by minimizing and maximizing the screen of the REMnux guest OS. If the screen resolution changes to fit the size of your monitor, the VM Tools are already installed and you can skip the install instructions.

📺 Course Lab Repo Link
The labs for this course are available here: https://github.com/HuskyHacks/PMAT-labs
This repo has all of the malware needed to complete this course. Please use this link and view the next video, "Course Lab Repo Download & Lab Orientation", for instructions on how to get started with the repo.

📺 Detonating Our First Sample
Please Note: For this detonation, turn off INetSim before detonating. WannaCry will not detonate if INetSim is running.

📺 Strings & FLOSS: Static String Analysis
Tip: FLOSS can be run with the "-n" argument to specify your desired minimum string length. Sometimes, longer strings can be more useful to an analyst than your standard string of len(4).

📺 Combining Analysis Methods: PEStudio
The newer versions of PEStudio do not come installed by default in FLARE-VM anymore. Please use the official Winitor download link to download PEStudio and transfer it to FLARE-VM: https://www.winitor.com/download2

📺 Advanced Analysis of a Process Injector
During the Advanced Static Analysis section, I made an error regarding different values that are moved in and out of EAX during the setup for the process injection. In short, I say that the PID of an injected process is stored in EAX first, then moved into EDI after the call to OpenProcess returns. This is not technically true: what is returned to EAX after the OpenProcess call is not the PID of the process, but the handle to that process.
TL;DR: once a process injector can get a handle to a process, it can use the handle with all of its remaining API calls to perform the injection.

--------------------
Misc
🎵 Jazzy Bossa Nova song: Canal 3 by Quincas Moreira, available for free on the YouTube Audio Library / @quincasmoreira
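To illustrate the "Strings & FLOSS" tip in the errata above, here is an added example (not code from the course or from FLOSS) of a minimal static string extractor with a configurable minimum length. The names `extract_strings`, `dropped_by_raising` and the `SAMPLE` bytes are hypothetical and constructed for this illustration; it shows which short, coincidental byte runs disappear when the minimum is raised from 4 to 8.

```python
import re

def extract_strings(data: bytes, min_len: int = 4):
    """Return sorted (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    if min_len < 1:
        raise ValueError("min_len must be >= 1")
    n = str(min_len).encode()
    # Printable ASCII run, and the same characters stored as UTF-16LE
    # (each printable byte followed by 0x00), as is common in Windows binaries.
    patterns = {
        "ascii": re.compile(rb"[\x20-\x7e]{" + n + rb",}"),
        "utf-16-le": re.compile(rb"(?:[\x20-\x7e]\x00){" + n + rb",}"),
    }
    hits = []
    for encoding, pattern in patterns.items():
        for m in pattern.finditer(data):
            hits.append((m.start(), encoding, m.group().decode(encoding)))
    return sorted(hits)

def dropped_by_raising(data: bytes, low: int, high: int):
    """Strings reported at minimum length `low` that are filtered out at `high`."""
    kept = {(off, enc) for off, enc, _ in extract_strings(data, high)}
    return [t for off, enc, t in extract_strings(data, low) if (off, enc) not in kept]

# Constructed sample: short printable runs that are really code or padding bytes,
# mixed with one ASCII URL and one UTF-16LE path an analyst would care about.
SAMPLE = (
    b"MZ\x90\x00\x01\x02" + b"t$(H" + b"\xff\xfe" + b"AWAVH" + b"\x00\x8b"
    + b"http://example.invalid/update.bin" + b"\x00\x03"
    + b"D$0L" + b"\x90\x90"
    + "C:\\Users\\Public\\example.log".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f" + b"PQRS" + b"\x00"
)

if __name__ == "__main__":
    for min_len in (4, 8):
        found = extract_strings(SAMPLE, min_len)
        print(f"min_len={min_len}: {len(found)} strings")
        for offset, encoding, text in found:
            print(f"  0x{offset:04x} [{encoding}] {text}")
    print("filtered out at 8:", dropped_by_raising(SAMPLE, 4, 8))
```

A higher minimum can also hide short but meaningful strings, so it is worth comparing both outputs rather than relying on one.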