Hands-On Malware Analysis (Windows 10/11 Compatible)

Learn Malware Analysis by Coding Malware (Ransomware, Keyloggers, Injectors, malicious DLL’s, and more)

What you'll learn
You will learn to analyze, prevent and codify ransomware (proof of concept). Source code will be provided for academic purposes.
You will learn to analyze, prevent and codify a keylogger which can hide in a legitimate windows process (proof of concept). Source code will be provided for academic purposes.
You will learn to analyze, prevent and codify a keylogger with filter to steal Facebook credentials (proof of concept). Source code will be provided for academic purposes.
You will learn to analyze, prevent and codify an injector to infect a legitimate Windows process (proof of concept). Source code will be provided for academic purposes.
You will learn to analyze, prevent and codify a malicious dll (proof of concept). Source code will be provided for academic purposes.
You will learn how to set up a test lab to safely analyze malware.
You will learn to differentiate between different types of malware, their behavior, their vectors attack, preventions advices and more.
You will learn the process a malware follows to get into your system.
You will learn by doing the main malware components: payload, obfuscator, persistence, stealth, and armoring.
You will learn how a malware connects to a Command and Control Center and what is its function.
You will learn to get Indicators of Compromise (IoC) on infected systems.
You will learn by doing how a simple piece of software could trick users to download malware.
You will learn to capture malware on your operating system.
You will learn how to capture malicious traffic on your network.
Requirements
Basic computer and programming knowledge in any language is recommended (Not mandatory).
Description
Updated: As we promised to you, this course is alive and we just added an entire new section. It's about Shims, as always, you will find: theory, a practical lab, and full access to source code. Enjoy!¡We will take you step by step from Static to Dynamic Analysis, to teach you how to catch, an examine our own malware samples in your system and network!You will learn to analyze, prevent and codify: Ransomware, Keyloggers, Injectors, malicious DLL’s, Shims  and more.- Our Labs are also compatible with the new Windows 11.- This course now belongs to Sanru online academy, and has been enhanced and re-edited. This is a 100% interactive course.We compromise to answer ALL YOUR QUESTIONS.We compromise to keep this course updated.We compromise to add new sections over time making this course alive, so you will always have new malware samples to conduct your own experiments.Did you know that Cyber Security researcher jobs demand is increasing year by year? Did you know this demand is not covered and the salaries are the highest in the technology sector?This course  will teach you everything you need to know to start your career as MALWARE ANALYST and put you on the highway to one of the most well-paid sectors in the cyber security industry.Based in the premise: "You can't analyze something you don't understand how it works". You will be provided with full malware source code (proof of concept). We will walk you through our malware samples (Injectors, malicious DLL’s, Keyloggers and Ransomware) line by line.We will use our own malware samples to teach you stealth techniques, obfuscation, armoring and persistence.If you are not a beginner either way, you will enjoy and gain knowledge by analyzing our malware code and technical explanations.This course was designed by experimented malware analysts, cyber security researchers and academics. It is meant to be didactic and easy to follow, then is full of resources that you will find in the correspondents sections.So far, we added these resources (could be more later):1. Rams1: is a Ransomware malware sample (full code provided for academic purposes).2. DecryptRams1: software to decrypt files encrypted by Rams1 (full code provided for academic purposes).3. Ransomware Help: is a small document to help you out if you are infected.4. TotalAware2: is a Keylogger able to steal Facebook credentials and connect to a Command and Control Center   (full code provided for academic purposes).5. TotalAware3: is a Keylogger coded in C++. (full code provided for academic purposes).6. Injector7: injects malicious code into a legitimate Windows process (full code provided for academic purposes).7. Dll4: is a sample malware coded into a dll (full code provided for academic purposes).8. Dll8: shows how to use export function in a dll (full code provided for academic purposes).9. Practices: is a document containing the lab exercises guide.10. Lab Requirements and quick guide: is a document to help you set up a safe lab for malware analysis.11. Web Resources: is a document with web pages will be using along the course.12. CriticalPatchWin1.0: is a malware sample to trick users into download malware (full code provided for academic purposes).Just a little something: Crackers are unwelcome! We are the good guys. Our malware samples are not meant to be weaponized.

Overview

Section 1: Presentation

Lecture 1 Welcome

Lecture 2 Course Description

Section 2: Introduction to Malware Analysis

Lecture 3 Section presentation and learning objectives

Lecture 4 What is malware? Infection Vectors, Why do we perform malware Analysis?

Lecture 5 Types of malware, Malware components, Command and Control Center

Lecture 6 How malware get in your system? Prevention methods, Static and Dynamic Analysis

Section 3: Setting up the Lab

Lecture 7 Section presentation and learning objectives

Lecture 8 Setting up Windows 10 virtual machine

Lecture 9 Setting up Inetsim in Kali Linux virtual machine

Lecture 10 Setting up Inetsim in Windows 10 virtual machine

Lecture 11 Virtual Box settings

Lecture 12 Get back Windows 10 virtual machine on line

Section 4: Precautions before start any Lab

Lecture 13 Before start any Lab

Section 5: Static Analysis

Lecture 14 Section presentation and learning objectives

Lecture 15 Portable Executable (PE)

Lecture 16 File Type

Lecture 17 Fingerprinting

Lecture 18 Strings

Lecture 19 Obfuscation

Section 6: Dynamic Analysis

Lecture 20 How to carry out Dynamic Analysis

Section 7: Hands-on Static and Dynamic Analysis

Lecture 21 Section presentation and learning objectives

Lecture 22 Social Engineering and Downloaders

Lecture 23 Catching Keyloggers

Lecture 24 Catching keylogger traffic 1/2

Lecture 25 Catching keylogger traffic 2/2

Section 8: Malware in DLLs

Lecture 26 Section presentation and learning objectives

Lecture 27 What are DLLs? Imports/Exports/Apis, Introduction to Dll Injection

Lecture 28 Dll injection tecniques, Remote code injection details

Lecture 29 Coding Remote dll injection

Lecture 30 Coding malware into DLLs

Section 9: Analyzing malicious DLLs

Lecture 31 Section presentation and learning objectives

Lecture 32 DLL analysis with rundll32

Lecture 33 DLL analysis with x32dbg

Lecture 34 DLL analysis combining x32dbg, rundll32 and procmon

Lecture 35 DLL analysis with Noriben

Section 10: Coding Keyloggers

Lecture 36 Section presentation and learning objectives

Lecture 37 Keylogger TotalAware3 code review

Lecture 38 Keylogger TotalAware2 presentation

Lecture 39 TotalAware2 Facebook spy module 1/2

Lecture 40 TotalAware2 Facebook spy module 2/2

Lecture 41 Delegates in C#

Lecture 42 TotalAware2 keyboard listener 1/2

Lecture 43 TotalAware2 keyboard listener 2/2

Section 11: Coding Ransomware

Lecture 44 Section presentation and learning objectives

Lecture 45 What is Ransomware? Infection symptoms, Steps a Ransomware carry out

Lecture 46 Dealing with ransomware infection, Ransomware Rams1 flowchart

Lecture 47 Rams1 code review 1/3

Lecture 48 Rams1 code review 2/3

Lecture 49 Rams1 code review 3/3

Lecture 50 DecryptRams1 code review

Lecture 51 Catching Rams1 with wireshark

Lecture 52 Adding Complexity layers to Rams1 1/2

Lecture 53 Adding Complexity layers to Rams1 2/2

Section 12: Getting more from practices

Lecture 54 Malware components deciphered

Lecture 55 Getting Indicators of Compromise (IoC)

Section 13: Shims

Lecture 56 Section presentation and learning objectives

Lecture 57 What is a shim? What is for? How it works?

Lecture 58 Setting up the lab for Shims demonstration 1/2

Lecture 59 Setting up the lab for Shims demonstration 2/2

Lecture 60 Abusing shim feature to inject malware.

Lecture 61 Exfiltrating data using Metasploit.

Lecture 62 Dealing with shim infections.

Beginners who want to pursuit a lucrative career as Malware Analysts or Cyber security researchers.,Malware enthusiasts in general, and cyber security researchers who want to gain knowledge in cyber threats.