Introduction

What?

Notes on techniques for determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Real understanding comes by analysing and reverse engineering the malware. Malware is often the foundation of an attack.

Why?

Understanding how a malware got past defenses and what it was designed to do once inside an environment can expose behaviour and artifacts that can be used to give a proper response to it; to develop better defences against it; to understand how it varies from other malware; to find similar activity; …

How?

• History of malware

• Typical behaviours

• Purpose of a malware attack

• Malware signatures

• Static and dynamic analysis

• Packers