Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL. The output of the analysis aids in the detection and mitigation of the potential threat.
The key benefit of malware analysis is that it helps incident responders and security analysts:
Pragmatically triage incidents by level of severity
Uncover hidden indicators of compromise (IOCs) that should be blocked
Improve the efficacy of IOC alerts and notifications
Enrich context when threat hunting
The analysis may be conducted in a manner that is static, dynamic or a hybrid of the two.
Static Analysis
Basic static analysis does not require that the code is actually run. Instead, static analysis examines the file for signs of malicious intent. It can be useful to identify malicious infrastructure, libraries or packed files.
Technical indicators are identified such as file names, hashes, strings such as IP addresses, domains, and file header data can be used to determine whether that file is malicious. In addition, tools like disassemblers and network analyzers can be used to observe the malware without actually running it in order to collect information on how the malware works.
Dynamic Analysis
Dynamic malware analysis executes suspected malicious code in a safe environment called a sandbox. This closed system enables security professionals to watch the malware in action without the risk of letting it infect their system or escape into the enterprise network.
Dynamic analysis provides threat hunters and incident responders with deeper visibility, allowing them to uncover the true nature of a threat. As a secondary benefit, automated sandboxing eliminates the time it would take to reverse engineer a file to discover the malicious code.
This course aims to point out the security essentials for any given IT organization. The course enables students to setup a secure base from scratch or review an existing security skeleton for their IT environments. The course targets the IT security beginners as well as professionals to enrich their knowledge about cyber security and to pursue their career in such field.