This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
Analyzing malware, or malicious software, is more of an art than a technique. Because of the wide nature of these products, there are limitless ways to hide functionality.
Some common tools for malware analysis include simple programs like strings. More complex analysis can be conducted by looking at the headers of executables with programs like PEiD and PeExplorer. Finally, the most complete analysis can be done with debuggers like IDA Pro and OllyDbg.
- Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1, by Paul Ducklin on October 11, 2013
- Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2, by Paul Ducklin on October 25, 2013
- Uroburos Rootkit Hook Analysis and Driver Extraction, SP Security Blog, March 20, 2014