A Novice’s Introduction to Malware Analysis

Hollywood makes cybersecurity look cool. And it is, but it takes far more work than what they show you. I can think of three sides to cybersecurity. The first, offensive, is where you do the hacking. The second, defensive, is where you protect your assets from malicious intent. And lastly, the policy side, where you make sure your assets are being patched against known vulnerabilities and your people are trained to recognize offensive attacks.

The project I’m working on along with my team is on the defensive side of the house. We’re analyzing known pieces of malware to understand how they function and, where possible, find a way to prevent them. Because we’re dealing with malware, we have to be very careful while working with it. If we’re analyzing a Trojan Horse, we don’t want to inadvertently run it on our own systems. Therefore, my favorite technology so far when first analyzing malware is having a virtual environment to analyze the malware in. If something inadvertently happens, my personal system is safe. Virtual machines are enclosed boxes that you can load with any operating system you want.

One way they could be made better is by having revisions. Say the malware I’m analyzing does what it’s built to do and causes my virtual machine to become unusable. If I didn’t want to start over from scratch, I would have needed to make a copy of my virtual machine ahead of time and then delete the corrupted virtual environment. But if you can instead roll back your virtual machine to a previous moment in time, then if something bad happens I have a way to return my machine to how it was before the malware did its job.
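The rollback the paragraph above wishes for is exactly what hypervisor snapshots provide. As an added example that is not part of the original post, the script below wraps VirtualBox’s VBoxManage CLI so the analysis VM can be snapshotted in a clean state and restored after a sample has run; the VM name and snapshot name are placeholders, and DRY_RUN=1 prints the commands instead of executing them.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): snapshot-based rollback of a
# malware-analysis VM using the VirtualBox VBoxManage CLI.
# Assumptions: VirtualBox is installed and the VM already exists.
# VM_NAME and BASELINE are placeholder names; override them via environment.

VM_NAME="${VM_NAME:-analysis-vm}"        # placeholder VM name
BASELINE="${BASELINE:-clean-baseline}"   # placeholder snapshot name
DRY_RUN="${DRY_RUN:-0}"                  # 1 = print commands, do not run them

# Execute a command, or just echo it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Take the baseline snapshot BEFORE any sample is copied onto the VM.
# Everything done afterwards (detonating the sample, its persistence,
# its file drops) lives on top of this snapshot and can be discarded.
take_baseline() {
  run VBoxManage snapshot "$VM_NAME" take "$BASELINE" \
      --description "Clean state before malware analysis"
}

# Roll back to the baseline. A snapshot can only be restored while the VM
# is powered off, so stop it first (ignore the error if it is already off),
# restore, then boot it again headless for the next analysis run.
restore_baseline() {
  run VBoxManage controlvm "$VM_NAME" poweroff || true
  run VBoxManage snapshot "$VM_NAME" restore "$BASELINE"
  run VBoxManage startvm "$VM_NAME" --type headless
}

case "${1:-}" in
  take)    take_baseline ;;
  restore) restore_baseline ;;
  "")      ;;   # no argument: only define the functions (e.g. when sourced)
  *)       echo "usage: $0 {take|restore}" >&2; exit 2 ;;
esac
```

Take the snapshot once, right after installing the guest OS and analysis tools; run `restore` between samples so each analysis starts from the same known-clean state rather than on top of the previous sample’s leftovers.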
