It is very important to inspect the capabilities of a malicious software, also called malware. This is in order to understand its effect and hence take necessary steps to prevent it. However, an Information Technology (IT) team cannot simply test such effects on the real system, which could result in a disaster for the entire system.
Questions about the mechanism of the malware, what it really does, and its effects are all of the main concerns to the IT team. Hence, a controlled environment is necessary to perform any required examinations on a particular malware. The following steps elaborate on some free and necessary toolkit for any IT security team. It makes teams capable of facing any security incident on a Windows operating system, which is commonly prone to malware exploitation.
There are some available utilities –all free– that one could harness to monitor the infected system behavior. This depends on the type of monitoring desired. Installation of one of the following tools on the test machine is necessary before infecting it with the malware.
The previous tools might be able to analyze the behavior, but it does not touch the problem from its roots. Analyzing the malicious code could lead to a more interesting result. Despite the fact that it is difficult to access the source code of the executable malicious file, there are some tools that can assist in this process.
Scylla and OllyDumpEx: These tools are helpful when dealing with packed executables which could not be disassembled. Instructions of such executables are often encoded and encrypted, and are only extracted into Ram when running. A dump file will be created having the protected code.
Fill out this form to sign up for the class.
If you know that you are interested in this class as well as other InfoSec classes then you should consider the unlimited classes package for $49.99 per month. You can find out more about it by clicking on the link below:
NOTE: Due to Joe McCray’s travel and work schedule (ex: short notice consulting/training engagements or changes to those ) classes may reschedule or cancel. In these situations a refund will be granted as the class will usually re-run the following week, or additional days will be added to the class schedule to make up for this.