website-zola/content/blog/2024-08-28-practical-malware-analysis.md
2024-09-06 16:43:10 +02:00

+++
title = "I want to learn malware analysis (again)"

[taxonomies]
tags = ['malware analysis', 'programming', 'reverse engineering']
+++

The heading says it all: I really want to learn malware analysis. Ever since I finished the Practical Malware Analysis & Triage course by TCM Security, I have been hooked. I 💚loved💚 the entire course, especially diving deep into binaries, (trying) reverse engineering, and debugging. I went through all the material, did the labs and wrote up a report: a (very shallow) static and dynamic analysis of a WannaCry sample. I had found my niche (or so I thought...).

## Rabbit holes

One thing that bothered me throughout the course was the lack of direction and stable ground when investigating and debugging binaries. I found myself stuck reverse engineering functions that were not user-written code (the C runtime, for example). I got close to a particularly interesting part, stepping into and over functions, only to never reach the goal of finding a specific return value or determining a critical execution-flow junction. So I thought to myself: what's the best way to learn how programs work, and to flip them inside out? By building them myself! With that motivation, I dove back into Python 🐍, thinking this would be a good starting ground to hop over to C 🖥️ later. But... I think I got stuck at the first step! 🛑 Over the last year, I got really hooked on programming. Some of the stuff I (partially) made:

- A Flask website to look up individual URLs, websites, IP addresses and email addresses for general security analysis purposes. (Code and screenshots here.)
- A command-line interface tool that does the same, without the upload feature. I still need to add relevant emphasis on certain values and legend explanations. The tables are drawn with the `rich` module. (Code and screenshots here.)
- Finally, the same idea, now as a Tkinter GUI app. I'm currently reimplementing the basically functioning app into classes for the main app and the frames, which is proving quite challenging. (Code and screenshots here.)

## Refocused (with more experience)

Trying to get back into malware analysis, and malware study in general, has been really difficult for the past couple of weeks: the Practical Malware Analysis book I was working with feels entirely foreign (I also can't get the labs to function properly, as they are all Windows XP-based and the executables don't do what the book says). After some frustrated attempts, I will now refocus on my two main interests in the field of malware: developing 🏗️ and reverse engineering 🖥️.

Developing I hope to do with my brand-new lifetime access to Maldev Academy. Reverse engineering I will approach by reading and practicing along with the (so far very practical) book *Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation*. I hope to post notes or blog posts about my progress here.