Malware Analysis using Volatility - Workshop eBook Preview

Download
File
Preview Volatility.pdf

Dear Readers,

We would like to proudly present to you the newest Hakin9 workshop issue. In this eBook you will find materials presented in the course “Malware Analysis with Volatility”. Volatility introduced people to the power of analyzing the runtime state of a system using the data found in volatile storage (RAM). It also provided a cross-platform, modular, and extensible platform to encourage further work into this exciting area of research. Another major goal of the project was to encourage the collaboration, innovation, and accessibility to knowledge that had been common within the offensive software communities.

Note: Some of the materials, like videos and exercises, are not presented in this issue. If you would like to gain access to all the materials, you have to buy the course.

To make this issue more interesting we decided to add some extra materials. Finding Advanced Malware Using Volatility by Monnappa KA will help you understand how this tool works. In this case scenario you will learn how to detect advanced malware and understand memory forensics. The next two articles were written by Dr. Paulo Henrique Pereira (who is also an instructor of Malware Analysis with Volatility and Live Analysis with Rekall). His first article is about Redline, a tool that can collect and analyze data with some scripts. If you want to learn more about that, don’t forget to read Practical Live Analysis and Auditing Using Redline IOC Models.

Using n1n3 to simulate an evasive “fileless” malware is the second article, written not only by Dr. Pereira but also by Thiago Geronimo Ferreira, Rubens Louro Vieira, and Renato Basante Borbolla. This article is part of a research project called Forensics Malware with the use of reverse engineering, which is still in progress at the University Nove de Julho (Uninove, Brazil).

The main aim of this eBook is to present the reading materials from our online courses to a wider range of readers. We hope we can meet your expectations. We would also like to thank you for all your support. We appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every comment means a lot to us. Special thanks to the Proofreader who helped with this issue.

Enjoy your reading,

Hakin9 Magazine’s

Editorial Team

This eBook contains text materials from the course and extra materials


>>Table of Contents<<

If you want to buy this magazine click here


Module 1: Introduction to Volatility

    • Presentation of Volatility environment for forensic purposes
    • Presentation of module functions in Volatility

Module 2: The architecture of the GUI Windows system from the forensics point of view

    • Memory Forensics plugins for forensics analysis of the GUI Windows.

Module 3: Nefarious actions under the Windows architecture

    • Using Volatility plugins to understand malicious activity.

Module 4: The malicious intelligence from behind the instruction codes and the artifacts in memory

    • The exploitation of system resources to obtain privileges and analyzing algorithm for data capture
    • Research Callbacks
    • Analysis system subclasses
    • Looking for code injection in DLLs
    • Enumerating object types


EXTRA MATERIALS

Finding Advanced Malware Using Volatility

by Monnappa KA

Practical Live Analysis and Auditing Using Redline IOC Models

by Paulo Henrique Pereira, PhD

Using n1n3 to simulate an evasive “fileless” malware

by Paulo Henrique Pereira, Thiago Geronimo Ferreira, Rubens Louro Vieira, Renato Basante Borbolla


This course covers malware analysis using the Volatility framework addressing the Windows system. The main focus of the course is to present a set of Volatility plugins that allow you to perform malware forensic analysis. The course covers an introduction to Volatility and guides you through the creation of a laboratory before going into practical tasks, which can then be performed both in the Linux and the Windows environments.

Course Page: https://hakin9.org/course/w28-malware-analysis-using-volatility/


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023