From Student to Security Analyst

A documented journal on exploring the world of Malware Analysis and Threat Intelligence. With no professional background and a lot of passion, this journal will show others my progress and the challenges I faced on this journey.

About

Computer Science student and Cyber Security enthusiast, looking forward to sharing ideas and knowledge with peers who have similar interests in Threat Intelligence and Malware Analysis.

Recent Posts

Quasar RAT

Managed Defense analysts were the first to analyse a variant of Quasar RAT specific to the threat group APT10 (Red Apollo), a Chinese cyber-espionage group.

Agent Tesla

Agent Tesla is a spyware, keylogger and information-stealing Trojan written in C# that has been sold as MaaS (Malware as a Service) since 2014. It is commonly distributed via email, with the attacker luring the victim into opening a malicious attachment.

DarkCrystal RAT

DarkCrystal RAT analysis made by a beginner, performing static analysis in order to gain a deeper understanding of how this malware operates.

Code Evolution Techniques

The biggest enemy of a virus writer is the scanner product, the most popular kind of current antivirus software. Generic AV solutions, such as integrity checking and behaviour blocking, never managed to approach the popularity of antivirus scanners.

Self Protection Strategies

Memory-resident viruses often use a tunnelling technique to get around behaviour-blocker systems. Resident tunnelling viruses attempt to be first in the interrupt call chain, installing themselves in front of other resident applications so that they can call interrupts directly at the entry point of the original handler, bypassing any hooks placed after it.

Memory Infection Strategies

Direct-action viruses are loaded into memory together with their host program. Upon gaining control, they look for new objects to infect by searching for new files. This is why the direct-action infector is one of the most common kinds of computer virus: it can be written with relative ease on a variety of platforms. Most infect only a couple of files per execution, but some infect everything at once by enumerating all directories for victims.

Infection Strategies

The first known successful computer viruses were boot sector viruses. They are rarely used nowadays but remain interesting because they can infect any computer by taking advantage of the boot process of personal computers. Because most computers do not contain an operating system in their ROM, they need to load it from somewhere else, such as a disk or the network, and a virus that controls that boot code runs before the operating system does.

Malicious Code Environments

To analyse any malware, we need to understand the theory behind it: how malware is built and where it executes. In this chapter, we'll take a look at the different environments in which malware can execute or spread to other systems.

Basic static analysis

Static analysis is the process of analysing malicious code without executing it. In this chapter, we will see different techniques for the initial phase of analysis, where we simply gather general information (hashes, strings, file headers) about what the malware could do and form a first hypothesis about its behaviour.
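As an added example of that first pass (this is not code from the blog's own posts), the script below does basic static triage with only the Python standard library: it hashes the file, pulls out printable strings, parses the DOS/PE/COFF headers by hand, and flags strings that look like URLs or belong to a small, hypothetical watch list of injection-related APIs. The sample bytes are constructed inline so the script runs offline; they are PE-shaped but not a real executable.

```python
"""Basic static triage: hashes, printable strings and PE header fields,
without executing the sample (standard library only)."""
import hashlib
import re
import struct
from datetime import datetime, timezone

# Constructed sample: a minimal PE-shaped byte string built inline so the script
# runs offline. It is not a real executable and is not malware.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)        # DOS header, e_lfanew -> 0x40
    + b"PE\x00\x00"                                        # PE signature
    + struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 0xE0, 0x0102)  # COFF header
    + b"\x00" * 0xE0                                       # optional header placeholder
    + b"http://example.invalid/gate.php\x00"               # constructed C2-looking string
    + b"CreateRemoteThread\x00"                            # constructed API name
)

MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
# Hypothetical watch list (an assumption of this example): APIs often seen in
# process injection, used only to show how strings become triage indicators.
WATCHED_APIS = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory", "SetWindowsHookExA"}


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the bytes, for lookups in sandbox and threat-intel databases."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len characters (what the `strings` tool prints)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def pe_header(data: bytes):
    """Parse the DOS, PE and COFF headers by hand. Returns None if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Guard against a truncated file or an e_lfanew pointing past the end.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "optional_header_size": opt_size,
        "is_executable": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def triage(data: bytes) -> dict:
    """Combine the pieces into the first-pass report that static analysis starts from."""
    strs = extract_strings(data)
    indicators = [s for s in strs if re.match(r"https?://", s) or s in WATCHED_APIS]
    return {"hashes": hashes(data), "pe": pe_header(data), "strings": strs, "indicators": indicators}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

On a real sample, replace SAMPLE with the bytes read from disk (open the file in binary mode). The compile timestamp and machine type are cheap sanity checks: a timestamp in the future or far past, or a machine field that does not match the file's claimed platform, is a hint that the header was tampered with or the file is packed.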

Introduction to malware analysis

Introduction to malware analysis, some foundations and terminology. We'll also take a look at what static and dynamic analysis are.