Analyzing Malware for .NET and Java Binaries

This course will teach the basics of Java and .NET runtimes, introduce tools and techniques for effectively reverse engineering these binary types, show you how to identify indicators of compromise, and get hands-on with real world malware.
Course info
Rating: (11)
Level: Intermediate
Updated: Apr 17, 2018
Duration: 1h 42m
Description

The ability to quickly and effectively analyze a wide variety of malware is a critical skill for anyone performing incident response, working in a security operations center (SOC), or analyzing malware. In this course, Analyzing Malware for .NET and Java Binaries, you will gain the skills necessary to effectively analyze Java and .NET malware. First, you will learn how .NET and Java binaries differ from other malware. Next, you will learn the tools, techniques, and workflows necessary to reverse engineer these types of binaries. Finally, you will apply everything you learned through hands-on labs in which you will analyze real-world malware. When you are finished with this course, you will have the knowledge and skills necessary to analyze .NET and Java binaries, giving you the ability to effectively investigate a wider variety of malware.

About the author

Dr. Josh Stroschein is an Assistant Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering and penetration testing.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dr. Josh Stroschein, and I want to welcome you to Analyzing Malware for .NET and Java Binaries. I am an Assistant Professor of Cyber Security at Dakota State University, senior security researcher at VDA Labs and malware analyst for Bromium. Java and .NET are commonly used by malware authors to attack our users and our computing resources. They can be used to deliver ransomware, trojans, and other information-stealing malware. In this course, we are going to learn how to quickly and effectively reverse engineer .NET and Java binaries. Some of the major topics that we will cover include how .NET and Java binaries differ from other malware, and how you could use these differences to your advantage when reversing, understand the role that the .NET framework and Java runtime play, as well as bytecode and how this will impact your analysis, learn how to master the tools needed to reverse engineer .NET and Java binaries and be able to perform exhaustive static and dynamic analysis, and finally, be able to identify and extract indicators of compromise, and use those to better protect your organization and its computing resources. By the end of this course, you will have the knowledge and skills necessary to analyze .NET and Java binaries, giving you the ability to effectively investigate a wider variety of malware. Before you begin the course, you should be familiar with the fundamentals on malware analysis. I hope you'll join me on this journey and learn how to reverse engineer malware with Analyzing Malware for .NET and Java Binaries at Pluralsight.

Introduction
Welcome to Analyzing Malware for .NET and Java Binaries. My name is Dr. Josh Stroschein, and I'll be your guide for this course. In this course, you're going to learn to be able to identify .NET and Java malware, to tear them apart, understand how they work by reverse engineering, and then use that information to better protect your users and your organization. The course is broken down into the following modules. First, we'll have an introduction to the course. This will include important foundational concepts, topics that will enable you to be successful for the rest of the course. This will be followed by analyzing .NET binaries, in which we'll take a deep dive into the .NET runtime, understand how it works, so that we can better analyze and pull apart .NET-based malware. We'll follow that up with analyzing Java binaries and take a similar approach, understanding the Java runtime environment and the tools in order to effectively analyze Java binaries. This will enable us to be ready for our next module, in which we'll begin performing real-world malware analysis. At this point, you'll be getting hands-on with Java and .NET malware. And finally, I'll wrap up the course, and I'll provide some mentoring on where I think you can go next in order to continue to expand and sharpen your malware analysis skills. I hope you're ready to learn a ton. Let's get started.

Analyzing .NET Binaries
Welcome to Analyzing .NET Binaries. In this module, we're going to take a look at the core components of the .NET framework. We're going to dig deep and look at the inner workings of .NET bytecode. We're going to use tools such as dnSpy, that allows us to reverse engineer .NET executables. We're going to learn how to trace program behavior in order to perform a full and exhaustive analysis of our target binaries. I will then provide you with a demonstration highlighting all of the techniques that we've discussed up until this point. Finally, I'll introduce the lab, which will allow you to get hands-on and begin to practice and refine the skills that we've discussed in this module. This module is designed to be fast-paced, taking you from high-level concepts to practical application in a short amount of time. I hope you're ready. Let's begin.

Analyzing Java Binaries
Welcome to Analyzing Java Binaries. In this module, we're going to take a look at the details of the Java runtime environment, or JRE. We're going to understand bytecode to further enhance your ability to reverse engineer Java binaries. Next we'll take a look at tools that will allow you to reverse engineer Java binaries, and begin to develop a workflow for reverse engineering and analyzing Java code. After an introduction to Java reversing tools, we'll apply what we've learned, and I'll provide you with a demonstration on how to effectively begin using those tools. And then finally, I'll introduce our first Java lab, and then I'll wrap up the module. Let's get started.

Performing Real-world Analysis
Now you're ready to get hands-on and analyze some real-world malware. In this module, we'll begin by discussing how we can analyze .NET ransomware before moving on to the .NET ransomware lab. After that, we'll discuss analyzing a Java Remote Access Trojan, and then go through the Java Remote Access Trojan lab. In this module, you'll be focused on performing real-world analysis with all the tools and techniques that we've discussed up to this point. Now that you have an overview, let's begin.

Leveling up Your Skills
Excellent work. You have made it to the end of the course. We will recap the skills that you now have as a Java and .NET reverse engineer. I'll make some recommendations for next steps, and discuss ways that you can continue to sharpen and hone your malware analysis skills. Now you're ready to disrupt and defeat Java and .NET-based malware attacks.