CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

11 April 2021

Dynamic Analysis, Run-Time Debugging, and Yara

by Coleman Kane

This next module builds on the work done in Ghidra as well as VirtualBox to introduce both real-time analysis of running malicious code, as well as using findings to hunt for the malware on a running system.

Be advised that the content below is from the 2020 class; the timeframes it references for when material was covered differ from how the 2021 class schedule was organized.

The lectures make reference to a malware artifact that I built, which was distributed in 2020. As the link for it is buried in the lecture notes, I am providing another link here for revolutions_backdoor_windows.exe:

Working with debuggers, manipulating execution of malware to analyze behavior and other run-time characteristics:

Turning findings into Yara signatures, and a hunting exercise:

