nicelosa.blogg.se

Crypto locker regex






This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, which is published by No Starch Press. This is a very informative book to learn about malware analysis and comes with a number of binaries to test your reverse engineering skills. I would thoroughly recommend purchasing this book.

Special thanks to No Starch Press for the shout-out of this post, and to both Michael Sikorski and Andrew Honig for their permission to create this blog post based on the material and exercises contained within ‘Practical Malware Analysis’.

If your addresses don’t match those outlined here, it’s because a program is running that is using the desired base address of the binary in question. This is most common with DLLs, and if it occurs your address will have been rebased.

The terms IDA and IDA Pro have been used interchangeably here and refer to IDA Pro Freeware Version v5.0; in addition, variants of ‘xrefs’ have been used to mean ‘cross-references’. In some instances Ghidra has been used where scripting or extensions were required and only available in a paid version of IDA Pro.

This has been completed using 3 Windows VMs (Windows XP 32-bit, Windows 7 32-bit, Windows 10 64-bit), a pfSense box, and an instance of SIFT Workstation; however, you really only need a couple of VMs (32-bit and 64-bit) so long as they have Python installed and the tools used (including Snort).


Practical Malware Analysis - Lab Write-up






