ArcStatic / MalwareAnalysisLabs

Lab exercises from the textbook 'Practical Malware Analysis'

Malware Analysis Labs

WARNING: the lab files are real malware. Run them only inside a VM that is fully isolated from the host machine and from any outside network connection.

Link to lab files: https://practicalmalwareanalysis.com/labs/

This is a repo to mark my progress working through this book. The techniques used cover both static and dynamic malware analysis, and the samples were run on three virtual machines attached to an internal (VirtualBox) virtual network with no route to the outside:

  • Patient zero: Windows XP Pro SP3, where the analysis tools run and the malware is executed
  • Hapless victim: vanilla Windows XP Pro SP3 install, used to see if and how a malicious program spreads to another host
  • Fake server: Linux Mint 18.1 running INetSim, which answers the DNS, HTTP and other service requests the samples make so they never reach the real Internet
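
What the fake server's DNS side does, shown as an added example written for this page (it is not code from the repo, the book, INetSim or ApateDNS): every A lookup the sample makes is answered with the fake server's own address, so a C2 hostname resolves to the lab box and the HTTP request that follows lands on INetSim instead of the Internet. The 10.0.0.1 address, the hostname in the test and the `serve()` loop are assumptions for illustration.

```python
import socket
import struct

# Assumed lab addressing (not from the repo): the INetSim box sits at 10.0.0.1
FAKE_SERVER_IP = "10.0.0.1"
QTYPE_A, QCLASS_IN = 1, 1


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Construct a standard DNS query as a resolver stub would (sample input, not a capture)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + labels + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(packet):
    """Return (txid, qname, qtype, qclass, end_offset) for the single question in a packet."""
    txid, flags, qdcount = struct.unpack_from("!HHH", packet, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        n = packet[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not valid in a query's QNAME
            raise ValueError("unexpected label pointer in question")
        labels.append(packet[off:off + n].decode("ascii"))
        off += n
    qtype, qclass = struct.unpack_from("!HH", packet, off)
    return txid, ".".join(labels), qtype, qclass, off + 4


def sinkhole_reply(packet, fake_ip=FAKE_SERVER_IP, ttl=60):
    """Answer every A/IN query with fake_ip; other record types get an empty NOERROR reply."""
    txid, name, qtype, qclass, qend = parse_question(packet)
    question = packet[12:qend]
    answers = b""
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        # NAME is a pointer (0xC00C) back to offset 12, i.e. the question's QNAME
        answers = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(fake_ip)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1 if answers else 0, 0, 0)
    return name, header + question + answers


def parse_answer(reply):
    """Decode a reply the way the sample's resolver sees it: (qname, ip or None)."""
    _, _, _, ancount = struct.unpack_from("!HHHH", reply, 0)
    _, name, _, _, qend = parse_question(reply)
    if ancount == 0:
        return name, None
    _, _, _, _, rdlen = struct.unpack_from("!HHHIH", reply, qend)
    return name, socket.inet_ntoa(reply[qend + 12:qend + 12 + rdlen])


def serve(bind_ip="0.0.0.0", port=53):
    """Minimal UDP loop for the fake-server VM; logs each lookup the way ApateDNS shows them."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        packet, peer = sock.recvfrom(512)
        try:
            name, reply = sinkhole_reply(packet)
        except (ValueError, IndexError, struct.error):
            continue  # malformed or unsupported packet: drop it rather than crash the lab server
        print(f"{peer[0]} asked for {name} -> {FAKE_SERVER_IP}")
        sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()
```

Binding port 53 needs root on the fake server; point patient zero's DNS at that box (or run ApateDNS on patient zero with the same target) and every hostname the sample resolves shows up in the log.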

Files in the repo are .txt writeups, function call graphs, and database files generated by IDA Pro. The malicious .exe and .dll files have not been included, so nothing here should bite.

Subject of labs:

  • Chapter 3: Basic dynamic analysis techniques
  • Chapter 5: Using IDA Pro

Languages Used:

  • x86 Assembly
  • Python
  • C

List of Software Used:

  • VirtualBox
  • IDA Pro freeware (v5.0)
  • ApateDNS
  • Dependency Walker
  • MD5Deep
  • Process Explorer
  • Process Monitor
  • Netcat
  • INetSim
  • Regshot
  • Wireshark
  • Resource Hacker
  • PEView
  • Sysinternals Suite (on Windows XP)
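
The basic static pass that PEView and Dependency Walker cover in the labs (locate the import directory from the PE headers, walk each DLL's thunk list, and note which APIs deserve a closer look) can be reproduced in a few dozen lines. The following is an added example written for this page, not code from the repo or the book: the PE it parses is constructed inline so the script runs offline, and the SUSPICIOUS table is an assumed shortlist of imports the labs teach you to notice, not the book's appendix.

```python
import struct

# Assumed triage shortlist (not the book's full table): imports worth a closer look and why
SUSPICIOUS = {
    "CreateRemoteThread": "code injection into another process",
    "WriteProcessMemory": "code injection into another process",
    "InternetOpenA": "HTTP beaconing / download capability",
    "RegSetValueExA": "registry persistence",
}


def build_sample_pe():
    """Build a tiny PE32 whose only content is an import table (constructed, not a real sample)."""
    sect_rva, sect_raw = 0x1000, 0x200
    blob = bytearray()

    def put(data):  # append 16-byte-aligned data to the section and return its RVA
        rva = sect_rva + len(blob)
        blob.extend(data)
        blob.extend(b"\x00" * (-len(blob) % 16))
        return rva

    imports = {b"KERNEL32.dll": [b"CreateRemoteThread", b"WriteProcessMemory"],
               b"WININET.dll": [b"InternetOpenA"]}
    dir_size = 20 * (len(imports) + 1)            # one IMAGE_IMPORT_DESCRIPTOR per DLL + null
    dir_rva = put(b"\x00" * dir_size)
    for i, (dll, funcs) in enumerate(imports.items()):
        name_rva = put(dll + b"\x00")
        hint_names = [put(struct.pack("<H", 0) + f + b"\x00") for f in funcs]
        thunks = struct.pack("<%dI" % (len(funcs) + 1), *hint_names, 0)
        ilt_rva, iat_rva = put(thunks), put(thunks)  # OriginalFirstThunk, FirstThunk
        struct.pack_into("<IIIII", blob, dir_rva - sect_rva + 20 * i, ilt_rva, 0, 0, name_rva, iat_rva)

    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)           # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt hdr
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 0, 0,
                      len(blob), 0, 0, sect_rva, sect_rva, sect_rva, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, sect_rva + 0x1000, sect_raw, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (dir_rva, dir_size)                                    # IMAGE_DIRECTORY_ENTRY_IMPORT
    dirs = b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8s6I2HI", b".idata", len(blob), sect_rva, len(blob), sect_raw, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\x00\x00" + coff + opt + dirs + sect
    return headers.ljust(sect_raw, b"\x00") + bytes(blob)


def parse_imports(data):
    """Walk DOS header -> PE header -> import directory and return {dll: [function, ...]}."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: data directories start 96 bytes into the optional header
        dir_off, thunk_fmt, ord_flag = opt + 96, "<I", 1 << 31
    elif magic == 0x20B:  # PE32+: 112 bytes in, 8-byte thunks
        dir_off, thunk_fmt, ord_flag = opt + 112, "<Q", 1 << 63
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    import_rva, _ = struct.unpack_from("<II", data, dir_off + 8)  # directory entry 1 = imports
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsect)]

    def rva_to_off(rva):
        for _, vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA %#x not backed by any section" % rva)

    def cstring(off):
        return data[off:data.index(b"\x00", off)].decode("ascii", "replace")

    result = {}
    if import_rva == 0:
        return result  # no import table at all: typical of a packed sample, itself a finding
    desc = rva_to_off(import_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and oft == 0 and ft == 0:
            break
        names, thunk = [], rva_to_off(oft or ft)  # fall back to the IAT if the ILT is absent
        while True:
            val = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if val == 0:
                break
            names.append("ordinal#%d" % (val & 0xFFFF) if val & ord_flag else cstring(rva_to_off(val) + 2))
            thunk += struct.calcsize(thunk_fmt)
        result[cstring(rva_to_off(name_rva))] = names
        desc += 20
    return result


def triage(imports):
    """Flag imports from SUSPICIOUS; returns sorted (dll, function, reason) tuples."""
    return sorted((dll, fn, SUSPICIOUS[fn]) for dll, fns in imports.items() for fn in fns if fn in SUSPICIOUS)


if __name__ == "__main__":
    for dll, fn, why in triage(parse_imports(build_sample_pe())):
        print(f"{dll:14} {fn:22} {why}")
```

To run it against one of the lab binaries, feed `open(path, "rb").read()` to `parse_imports` from inside the isolated analysis VM; an empty result on a file that clearly does things is the cue to look for a packer, which is where the later chapters pick up.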
