Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hasherezade/malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)
https://github.com/hasherezade/malware_training_vol1

malware-analysis malware-research windows-malware-analysis

Last synced: about 1 month ago
JSON representation

Materials for Windows Malware Analysis training (volume 1)

Awesome Lists containing this project

README 

        
# malware_training_vol1



Materials for Windows Malware Analysis training (volume 1)



## *🚧 WARNING: work in progress! More material will be added gradually.*



### Content



The goal of this training it to build understanding of various common techniques used by malware. It contains elements of programming as well as reverse engineering, and introduction to some Windows internals concepts. 



It also showcases how various tools (including my own) can be used to achieve particular analysis goals.



### Target audience



This material would fit best to people who already have technical knowledge from surrounding areas: basics of programming and reverse engineering - yet, who want to **enter into the field of Windows malware analysis**.



### License



![Creative Commons BY License](https://licensebuttons.net/l/by/3.0/88x31.png)



This material is published under the [Creative Commons BY License](https://creativecommons.org/licenses/by/4.0/), which means:



> This license lets others distribute, remix, adapt, and build upon your work, even commercially, as long as they credit you for the original creation.

> 



### Noticed an error?



If you noticed any error in this material, please report it in the [Issues](https://github.com/hasherezade/malware_training_vol1/issues)



### Need help in a task?



If you need help in any of the exercises, or have additional questions, you can share it in [discussions](https://github.com/hasherezade/malware_training_vol1/discussions)



## Covered topics vs planned



#### Module 1



| Slides  | Exercises | Topic

|------------|------|---

| :heavy_check_mark:      | :heavy_check_mark:  |  compilation

| :heavy_check_mark:      | :heavy_check_mark:   |  PE

| :heavy_check_mark:      | :heavy_check_mark:    |  Process

| :heavy_check_mark:      | :white_medium_square:    |  WoW64

| :heavy_check_mark:      | :heavy_check_mark:    |  shellcode

| :white_medium_square:      | :white_medium_square:    |  code injection

| :white_medium_square:/:heavy_check_mark:      | :white_medium_square:/:heavy_check_mark:   |  PE loaders



#### Module 2



| Slides  | Exercises | Topic

|------------|------|---

| :heavy_check_mark:      | :white_medium_square:    |  Malware missions & tactics (intro)

| :heavy_check_mark:      | :white_medium_square:    |  hooking

| :heavy_check_mark:      | :white_medium_square:    |  persistence

| :white_medium_square:     | :white_medium_square:    |  UAC bypass

| :heavy_check_mark:     | :white_medium_square:    |  Banking trojans

| :white_medium_square:     | :white_medium_square:    |  RATs

| :white_medium_square:     | :white_medium_square:    |  Ransomware

| :white_medium_square:     | :white_medium_square:    |  Lateral movements



#### Module 3



| Slides  | Exercises | Topic

|------------|------|---

| :heavy_check_mark:     | :white_medium_square:    |  Evasion and self-defence (intro)

| :white_medium_square:/:heavy_check_mark:     | :white_medium_square:    |  Fingerprinting

| :white_medium_square:     | :white_medium_square:    |  String obfuscation

| :white_medium_square:     | :white_medium_square:    |  Imports obfuscation

| :white_medium_square:     | :white_medium_square:    |  Flow obfuscation

| :white_medium_square:     | :white_medium_square:    |  Malware antihooking

| :white_medium_square:     | :white_medium_square:    |  Review of approaches to deobfuscation

| :white_medium_square:     | :white_medium_square:    |  Kernel-mode malware components