Introduction to
Malware Analysis and
Reverse Engineering
Presented by Omar Ashraf Nasr
IEEE Alex CSC
9/8/2024
Whoami?
Omar Ashraf Nasr
• Fourth-year Computer Engineering Student, Alexandria University.
• Vice Head, IEEE SSCS Alex SC Cybersecurity Committee.
• Malware Analyst Intern, Cyber Cohesion.
• 2nd Place, ICMTC-CSC Final (July 2024).
• Black Hat MEA CTF Finalist (November 2023).
• Reverse Engineer & Malware Analyst Member at CAT Reloaded.
How did I start in this field?
I started about 1 year ago when I participated in the ICMTC CTF 2023.
Contact Me
LinkedIn: Omar Ashraf
Whoami page (omara4raf.github.io)
Objectives
The objective is to understand the following:
• What is malware and what are its types?
• The role of the malware analyst.
• The steps of malware analysis.
• What is reverse engineering?
• Why do we do reverse engineering?
• What do you need to know to start in this field?
• Career opportunities in malware analysis.
• Q&A and closing.
What is malware and what are its types?
Malware (malicious software) refers to any
software intentionally designed to cause
harm to a computer, server, client, or
network.
The role of the malware
analyst.
Malware analysts work to understand the
capabilities of the malware to mitigate risks and
minimize its impact on systems and networks.
But the question is: why do we need a malware analyst if we are already infected?
• We need to know what information the attacker accessed (passwords, secret information).
• We need to know the attacker's intent in order to evaluate the risk (adware versus stealing secret information); that intent can be learned by examining the communication between the malware and the attacker.
• A malware analyst may work at an anti-virus company, so they analyze the malware to reduce the risk for companies that are not affected yet.
The steps of malware analysis
Basic Static Analysis
Examining the file without running it (hashes, strings, headers, imports).
• Confirms whether a file is malicious or not.
• Provides information about its functionality.
• Provides information to produce simple network signatures.
• Straightforward and quick. ✅
• Not effective against all malware (e.g. packed or obfuscated samples). ❌
• Does not reveal the full extent of the malware's capabilities. ❌
Basic Dynamic Analysis
Running the malware in a safe, isolated lab environment and observing its behavior on the system.
• Helps remove the infection.
• Produces effective signatures.
• Can be used by most people without deep programming knowledge. ✅
• Not effective against all malware (evasive samples may not run in the lab). ❌
• Does not reveal the full extent of the malware's capabilities. ❌
Advanced Static Analysis
Loading the executable into a disassembler and reading the program instructions that the CPU will execute.
• Tells you exactly what the program does. ✅
• Requires knowledge of disassembly, code constructs, and Windows OS concepts and internals. ❌
• Takes much longer than basic static analysis. ❌
Advanced Dynamic Analysis
Using a debugger to examine the internal state of the malware while it is running, with the ability to modify its execution path and state.
• Extracts detailed information from the malicious executable. ✅
What is reverse engineering?
Reverse engineering is understanding the internals of something made by a human, through analysis, without having access to its design principles or to the way its components interact to make it work.
In other words, it is the process of taking apart something that someone else built and understanding how it was done, partially or completely, so that you are able to make something on your own that achieves the same purpose.
Why do we do reverse engineering?
• Replicating hardware: understanding how physical devices are built, enabling the creation of replicas or alternatives, often in the tech or manufacturing sectors.
• Removal of copy protection, circumvention of access restrictions.
• Vulnerability discovery: it is often used to discover bugs or vulnerabilities in software, allowing security researchers or developers to fix these issues before they are exploited by attackers.
• Extremely useful when you have lost the documentation.
• Competitive technical intelligence (understand what your competitor is actually doing, versus what they say they are doing).
Anti-RE Techniques
Anti-debugging: Windows API IsDebuggerPresent, timing checks, identifying breakpoints.
Anti-VMware: MAC address.
Anti-VirtualBox: process names, MAC address.
Anti-sandbox: mouse activity, username, disk space.
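The basic static analysis step described earlier (hashes, strings, header checks) and the anti-RE indicators on this slide, as an added Python example that is not part of the original deck. The sample bytes are constructed inside the script (a PE-shaped blob with a few planted strings, not a real executable), the indicator lists are an assumption of this example rather than an authoritative set, and nothing here executes the sample.

```python
"""Basic static triage of a suspicious file (added example, constructed sample).

Hashes the file, sanity-checks the PE header, pulls printable strings and
flags strings tied to the anti-debugging / anti-VM / anti-sandbox techniques
listed in the deck. Nothing here executes the sample.
"""
import hashlib
import re
import struct
from datetime import datetime, timezone

# Indicator lists are an assumption for this example: well-known APIs and
# artefacts an analyst greps for, not an exhaustive or authoritative set.
ANTI_ANALYSIS_INDICATORS = {
    "anti-debug": ["IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "NtQueryInformationProcess", "GetTickCount",
                   "QueryPerformanceCounter"],
    # 00:0C:29 and 08:00:27 are MAC OUIs assigned to VMware and VirtualBox.
    "anti-vm": ["VMware", "vmtoolsd", "VBox", "00:0C:29", "08:00:27"],
    "sandbox": ["GetCursorPos", "GetUserNameW", "GetDiskFreeSpaceExW"],
}

# IMAGE_FILE_MACHINE_* values from the PE/COFF specification.
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw file: the first thing to share or look up."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def pe_header_info(data: bytes):
    """Return basic COFF header fields, or None if the bytes are not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, _, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "is_dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
    }


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """ASCII and UTF-16LE printable runs, like the `strings` tool in both encodings."""
    ascii_runs = [m.decode("ascii")
                  for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    wide_runs = [m.decode("utf-16-le")
                 for m in re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return ascii_runs + wide_runs


def flag_indicators(strings: list) -> dict:
    """Map each anti-analysis category to the indicators seen in the strings."""
    found = {}
    for category, needles in ANTI_ANALYSIS_INDICATORS.items():
        hits = sorted({n for n in needles
                       if any(n.lower() in s.lower() for s in strings)})
        if hits:
            found[category] = hits
    return found


def triage(data: bytes) -> dict:
    """Full basic static triage report for one file's bytes."""
    strings = extract_strings(data)
    return {"hashes": file_hashes(data), "pe": pe_header_info(data),
            "strings": strings, "indicators": flag_indicators(strings)}


def build_sample() -> bytes:
    """Constructed PE-shaped bytes for the demo; not a real executable, it cannot run."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, 0x66BF0000, 0, 0, 240, 0x22)
    body = b"\0" * 16 + b"\0".join([
        b"kernel32.dll", b"IsDebuggerPresent", b"GetTickCount", b"GetCursorPos",
        b"VBoxService.exe", b"00:0C:29:12:34:56",
        b"http://198.51.100.7/gate.php",  # TEST-NET-2 address, constructed C2 URL
        b"\0" + "C:\\Users\\sandbox\\payload.exe".encode("utf-16-le"),
    ]) + b"\0\0"
    return bytes(dos) + coff + body


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Run it as a script to dump the triage report as JSON; on a real sample, read the bytes from disk inside the isolated lab VM. The string hits are only a prompt for the advanced stages: a packed sample shows almost nothing here, and a legitimate program can import GetTickCount too, so an indicator is a reason to look closer, not a verdict.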
What do you need to know to start in this field?
• Programming basics (problem solving is recommended): C programming & data structures.
• Network basics: you can go with CompTIA Network+ content.
• Basics of cryptography.
• Assembly code: OpenSecurityTraining2 Arch1001_x86-64_Asm.
• Operating systems basics.
• Practical Malware Analysis book. (Malware Analyst course on Maharatech.)
• Analyze real malware with OALabs: OALabs - YouTube.
• Then create your own blog and publish your own analyses.
Career Opportunities in Malware Analysis.
• Antivirus companies (Kaspersky, TrendMicro).
• CERTs (EGCert, PLCert).
• Incident response companies.
• FAANG companies (Facebook, Amazon, Google).
Advice that may help you
• Do CTFs as much as you can (e.g. the Flare-On Challenge).
• Join a community that can help you.
Thank You
Any
Questions?