Malware

Name: Anonymous 2018-10-03 0:46

In order to analyze malware, you first need to understand malware. You can't be good at protecting from malware if you don't even know much about what malware does (or what the components of malware are). Let's talk about malware.

The following concepts are important for malware:
Attack vector
Trojan
Word macro
PDF reader exploit
OSINT
Social engineering
Exploit kit
C2
Dropper
Sandbox
Staging
Packer
Protector
Crypter
Steganography
Polymorphism (malware definition, not the general programming definition)
Portable executable or PE
ELF (executable and linkable format)
Domain-generating algorithm
Traffic distribution system
Tor
Detecting analysis environments (seeing if your malware is running in a VM or researcher's sandbox as opposed to being actually run on a victim machine)
Payload
Exfiltration
HTTP bot
IRC bot
Shell/rootkit/other form of persistence
Shell vs. reverse shell
Slow and low
Forkbombs, WMI hijacking, and other forms of scheduling
Logs
Post-exploitation
Pivoting
Process hooking for trojans
Open source projects such as HiddenTear, and closed source things like DarkComet or Nanocore

Name: Anonymous 2018-10-03 21:51

sage bomb
