Difference between pages "User:Moyix" and "Malware analysis"

From Forensics Wiki
== User:Moyix ==

Real name: Brendan Dolan-Gavitt

I do research on [[Memory Analysis]], and am an active contributor to [[Volatility]]. I presented work describing Virtual Address Descriptors in Windows at [[DFRWS]] in 2007, and have continued to work on extracting information from dumps of memory from Windows systems. Much of this work can be found on [http://moyix.blogspot.com my blog].

Although I am currently employed at the [http://www.mitre.org MITRE Corporation], nothing I say or do here represents them in any way. This fall I will be joining the PhD Computer Science program at Georgia Tech.

== Malware analysis ==

Analyzing [[malware]], or malicious software, is more of an art than a technique. Because malicious programs vary so widely, there are limitless ways to hide functionality.

Some common tools for malware analysis include simple programs like [[strings]]. More complex analysis can be conducted by looking at the headers of executables with programs like [[PEiD]] and [[PeExplorer]]. Finally, the most complete analysis can be done with debuggers like [[IDA Pro]] and [[OllyDbg]].
== See Also ==

* [[Malware]]
* [[List of Malware Analysis Tools]]

== External Links ==

* [http://nakedsecurity.sophos.com/2013/10/11/anatomy-of-an-exploit-ie-zero-day-part-1/ Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1], by Paul Ducklin on October 11, 2013
* [http://nakedsecurity.sophos.com/2013/10/25/anatomy-of-an-exploit-inside-the-cve-2013-3893-internet-explorer-zero-day-part-2/ Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2], by Paul Ducklin on October 25, 2013

[[Category:Malware]]

Revision as of 01:33, 28 October 2013
