Few questions regarding malware analysis lab - how to do it properly?
<blockquote data-quote="struppigel" data-source="post: 984179" data-attributes="member: 86910"><p>String deobfuscation tends to be one of the easier tasks, since it is often just one or more functions called to decode the strings. So in many cases you can find that function and decode the string by checking its output. That even works if you have no idea what algorithm is used for decoding. A step up from that is reversing this algorithm and programming your own string decoder, e.g., in IDA Python for automatic decoding of all the strings.</p><p>XOR and base64 are common. I also use CyberChef to test hypotheses, because sometimes I see a string and think, it looks like XOR. But often you have custom algorithms.</p><p></p><p>Control flow obfuscation is harder to deal with. If you are lucky, someone has already created a tool. But otherwise it is a pita.</p><p></p><p>I think you are already doing very well with regard to your malware analysis learning. You will reach learning plateaus where you think you learn nothing, but that is normal for any kind of learning. Keep going if that happens. At some point you will look back and realize how much you have actually learnt. Reversing needs quite some frustration resistance at times. Also, you will never stop learning, the field is so vast. I have been doing this professionally since 2015 and still feel like a noob sometimes.</p></blockquote>
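As an added illustration of the workflow the quoted post describes (re-implement the decode routine once you understand it, decode every string in bulk, and test the "this looks like XOR" hunch), here is a small Python script. It is not struppigel's code and is not taken from any real sample: the scheme (base64 wrapped around a single-byte XOR), the key 0x5A, and the sample strings are all constructed for the example. An IDA Python version would gather the encoded blobs from cross-references to the sample's decode function instead of the hard-coded list used here.

```python
"""Added example (not struppigel's code, not from any real sample): a tiny
string decoder of the kind the post describes, plus a crib-based check for
the "this looks like single-byte XOR" hypothesis.

Everything here is constructed: the scheme (base64 wrapped around a
single-byte XOR), the key 0x5A, and the sample strings. In IDA Python the
encoded blobs would come from cross-references to the sample's decode
function; here they are a hard-coded list."""
import base64
from typing import Optional

# Constructed key; a real decoder's key would be read out of the sample.
SAMPLE_KEY = b"\x5a"

# Hand-encoded with the scheme below; decodes to "kernel32.dll" under SAMPLE_KEY.
KNOWN_BLOB = "MT8oND82aWh0PjY2"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; the same function encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(plain: str, key: bytes = SAMPLE_KEY) -> str:
    """What the (hypothetical) packer did: XOR, then base64."""
    return base64.b64encode(xor_bytes(plain.encode("latin-1"), key)).decode()


def decode_string(blob: str, key: bytes = SAMPLE_KEY) -> str:
    """Re-implementation of the decode routine: base64 -> XOR -> text."""
    return xor_bytes(base64.b64decode(blob), key).decode("latin-1")


def decode_all(blobs, key: bytes = SAMPLE_KEY) -> dict:
    """Bulk pass over every encoded string, as an IDA Python loop would do
    with the blobs collected from xrefs to the decode function."""
    return {blob: decode_string(blob, key) for blob in blobs}


def recover_single_byte_key(cipher: bytes, crib: bytes) -> Optional[int]:
    """Hypothesis test: if the plaintext contains `crib` (e.g. b".dll") and
    the key is a single byte, then cipher ^ crib must give the same byte at
    every position of the crib. Returns that byte, or None if no offset fits."""
    for off in range(len(cipher) - len(crib) + 1):
        keys = {c ^ p for c, p in zip(cipher[off:off + len(crib)], crib)}
        if len(keys) == 1:
            return keys.pop()
    return None


def readable_keys(cipher: bytes) -> list:
    """Weaker test: every single-byte key whose output is fully printable ASCII.
    The true key is always in this list; its length shows how ambiguous short
    strings are, which is why a crib or a second string helps."""
    return [k for k in range(256)
            if all(0x20 <= b <= 0x7E for b in xor_bytes(cipher, bytes([k])))]


# Constructed sample table (second and third blobs are built at import time).
SAMPLE_BLOBS = [KNOWN_BLOB, obfuscate("CreateRemoteThread"), obfuscate("config loaded")]


def run_demo() -> dict:
    """Recover the key from a crib on the first blob, then decode every sample
    string; results are returned so they can be checked, not only printed."""
    raw = base64.b64decode(KNOWN_BLOB)
    key = recover_single_byte_key(raw, b".dll")
    decoded = decode_all(SAMPLE_BLOBS, bytes([key])) if key is not None else {}
    return {"key": key, "decoded": decoded, "readable_keys": readable_keys(raw)}


if __name__ == "__main__":
    result = run_demo()
    print(f"recovered key: {result['key']:#04x}")
    for blob, plain in result["decoded"].items():
        print(f"{blob:28} -> {plain}")
```

The crib check is the same hypothesis test the post describes doing in CyberChef: pick a substring you expect in the plaintext (a DLL suffix, a known API name, a URL scheme) and see whether a single key byte explains it. When it does, decode_all is the automated step, and the only thing an IDA Python version changes is where the blob list comes from.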