Teaching
To install a tool on your VM, use the command below. It downloads script_name from the securitylab-repository GitHub repository and pipes it straight into bash, with arg1 arg2 ... passed to the script as its positional arguments; read the script at that URL before running it.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/securitylab-repository/scripts/refs/heads/main/script_name)" -s arg1 arg2 ...
Malware Analysis, Post-mortem Analysis & Forensics
This course is an introduction to reverse engineering methods applied to malicious software. The methods, based on static and dynamic analysis techniques, reveal what impact these unwanted files have on a computer system when they are executed.
Part 1: Fundamental System Concepts
This section introduces key system concepts: the compilation process, processes, virtual memory and how information is laid out within it, and the structure of the PE and ELF executable formats. It also provides a foundation in assembly language. This knowledge is essential for understanding how malicious software interacts with the system.
Part 2: Static Analysis Techniques
This section covers static analysis techniques, which examine malicious software without executing it. Tools such as Strings, IDA Pro and radare2 are introduced to analyze binaries and extract information about the malware's likely behavior (embedded strings, imports, code structure).
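As an added example for Part 1 and Part 2 (not course material from this page), the following Python script performs the first two steps of static triage that the course describes with Strings, IDA Pro and radare2: it reads the PE or ELF header to identify format, bitness, machine and entry point, then extracts ASCII and UTF-16LE strings from the bytes. The two sample files are constructed in the script itself so it runs offline; the paths, hostnames and API names inside them are made up for the demonstration.

```python
"""Static triage of a PE or ELF sample: header facts plus printable strings.

Added example for this page (not course material). Sample inputs are
constructed inline so the script runs offline; the strings in them are fake.
"""
import re
import struct
import sys

# Machine IDs as used in the ELF e_machine and PE COFF Machine fields.
ELF_MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
PE_MACHINES = {0x14C: "x86", 0x1C0: "ARM", 0x8664: "x86-64", 0xAA64: "AArch64"}


def identify(data: bytes) -> dict:
    """Read format, bitness, machine and entry point from the executable header."""
    if data[:4] == b"\x7fELF":
        is_64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
        end = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little-endian, 2 = big-endian
        e_machine = struct.unpack_from(end + "H", data, 18)[0]
        e_entry = struct.unpack_from(end + ("Q" if is_64 else "I"), data, 24)[0]
        return {"format": "ELF", "bits": 64 if is_64 else 32,
                "machine": ELF_MACHINES.get(e_machine, hex(e_machine)), "entry": e_entry}
    if data[:2] == b"MZ":
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]    # file offset of "PE\0\0"
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("MZ header without a PE signature (DOS-only file?)")
        machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
        opt = e_lfanew + 24                        # optional header follows the 20-byte COFF header
        is_64 = struct.unpack_from("<H", data, opt)[0] == 0x20B   # 0x10B = PE32, 0x20B = PE32+
        entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
        image_base = (struct.unpack_from("<Q", data, opt + 24)[0] if is_64
                      else struct.unpack_from("<I", data, opt + 28)[0])
        return {"format": "PE", "bits": 64 if is_64 else 32,
                "machine": PE_MACHINES.get(machine, hex(machine)),
                "image_base": image_base, "entry": image_base + entry_rva}
    raise ValueError("neither an ELF nor a PE file")


def extract_strings(data: bytes, min_len: int = 4) -> tuple:
    """Return (ascii_strings, utf16le_strings) of at least min_len characters.

    The UTF-16LE pass is what a plain ASCII `strings` run misses on Windows
    samples, where paths, registry keys and URLs are usually wide strings.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    narrow = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    wide = [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return narrow, wide


def triage(data: bytes) -> dict:
    """Header facts plus both string lists, in one dictionary."""
    info = identify(data)
    info["ascii_strings"], info["wide_strings"] = extract_strings(data)
    return info


def make_elf64_sample() -> bytes:
    """Constructed x86-64 little-endian ELF header followed by a fake payload."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit, LE, ELF version 1
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 0x3E, 1, 0x401000,        # ET_EXEC, x86-64, version, e_entry
                                 64, 0, 0, 64, 56, 0, 64, 0, 0)
    payload = b"\x00" * 16 + b"/bin/sh\x00" + b"http://c2.example.invalid/stage2\x00"
    return header + payload


def make_pe64_sample() -> bytes:
    """Constructed PE32+ (x86-64) header followed by a fake payload with a wide string."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64)                  # e_lfanew: PE header right after DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIIIQ", 0x20B, 14, 0, 0x200, 0x200, 0,
                      0x1000, 0x1000, 0x140000000)          # ..., AddressOfEntryPoint, BaseOfCode, ImageBase
    payload = (b"\x00" * 16 + b"kernel32.dll\x00CreateRemoteThread\x00" + b"\x00" * 3
               + "C:\\Users\\Public\\update.exe".encode("utf-16le") + b"\x00\x00")
    return bytes(dos) + coff + opt + payload


if __name__ == "__main__":
    samples = {"elf64": make_elf64_sample(), "pe64": make_pe64_sample()}
    if len(sys.argv) > 1:                                   # or triage a real file from disk
        with open(sys.argv[1], "rb") as f:
            samples = {sys.argv[1]: f.read()}
    for name, blob in samples.items():
        r = triage(blob)
        print(f"{name}: {r['format']}{r['bits']} {r['machine']} entry=0x{r['entry']:x}")
        for s in r["ascii_strings"] + r["wide_strings"]:
            print("   ", s)
```

Run it with no arguments to triage the two constructed samples, or with a file path to triage a real binary. The ELF and PE offsets used here are the documented ones (e_machine at 18, e_entry at 24; e_lfanew at 0x3C, COFF Machine at PE+4, AddressOfEntryPoint at optional header +16, ImageBase at +24 for PE32+ and +28 for PE32), which is why a header-only sample is enough to exercise the parser.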
Part 3: Dynamic Analysis Techniques
This part explores dynamic analysis techniques, which execute the malware in a controlled environment to observe its behavior. Tools such as Process Monitor, Process Explorer, INetSim and Wireshark are used to capture the system's state and detect the changes the malware makes to the file system, memory, disk, registry and network.
Part 4: Practical Work
The final part is practical work in which students apply the techniques learned to realistic scenarios, using tools such as Volatility, IDA Pro and radare2 to analyze sample malware and understand its impact on the system.
| File Name | Modified |
|---|---|
| Annexes.html | 3/19/25, 8:29:25 AM |
| TD.html | 3/19/25, 8:28:56 AM |
| TP1.html | 3/19/25, 8:29:26 AM |
| COURS.pdf | 3/19/25, 8:28:56 AM |
| PROJET_ANALYSE_MALWARE_CC.pdf | 3/19/25, 8:28:56 AM |
| TD_Solution.pdf | 3/19/25, 8:28:56 AM |
| TP1_SOLUTION.pdf | 3/19/25, 8:28:56 AM |
| TP2.pdf | 3/19/25, 8:28:56 AM |
| TP2_SOLUTION.pdf | 3/19/25, 8:28:56 AM |