Cracking nuts & malware analysis

Deciphering the inner workings of compiled languages in detail. Disassembling binaries to solve the crackmes at the assembly level.

And inspecting several malware samples in the wild, a typical pattern arises, making analysing other samples easier with experience. Knowing these common behaviours gives an idea of what to look for on the defensive side.

---

Testlab

• Static analysis
• Disassemblers
• Debuggers
• Decompilers
• Program editing tools
• Analysis automation programming
• Software forensic tools
• Malware analysis tools

---

Notes on techniques

Cracking

• Introduction
• Assessment and static analysis
• Executable file formats
• Reverse engineering in Linux
• Reverse engineering in Windows
• WebAssembly (WASM)

Malware analysis

• Introduction
• History of malware
• Typical behaviours
• Purpose of a malware attack
• Malware signatures
• Static and dynamic analysis
• Packers

---

Coding for better understanding of concepts, and for some hands-on.

Useful snippets

• Using Windows APIs
• Code snippets for using WASM

---

TryHackMe rooms

• Introduction
• Analysing malicious pdfs
• Analysing malicious Microsoft Office macros
• I hope you packed your bags
• THM Dunkle Materie

Root-me cracking challenges

• Introduction
• ELF x86 0 protection
• ELF x86 basic
• PE x86 0 protection
• ELF C++ 0 protection
• Godot 0 protection
• PE x86 0 protection
• ELF MIPS basic crackme
• ELF x64 golang basic
• ELF x86 fake instructions
• ELF x86 ptrace
• Godot bytecode
• WASM introduction
• ELF ARM basic crackme
• Godot mono
• PYC bytecode
• ELF x86 no software breakpoints
• ELF ARM crackme 1337
• ELF x86 crackpass
• ELF x86 exploitme
• ELF x86 random crackme
• GB basic Game Boy crackme
• APK anti-debug

---

More practice

• Malware traffic analysis exercises
• theZoo - A Live Malware Repository
• crackmes.one

---