Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such meta data from potentially-malicious executables.
Many malware reverse-engineers consider OllyDbg a valuable part of their toolkit. The latest version 1 release of this powerful debugger has been showing its age. Fortunately, version 2.01 seems to be sufficiently mature to start displacing its predecessor as part of the malware analysis workflow. Here's what you can expect when starting to experiment with OllyDbg version 2.01.
If you're migrating your malware lab from Windows XP, watch out for the forced ASLR feature of the operating system, especially when using Windows 8.1. ASLR is good for security, but it complicates malware analysis efforts. IDA Pro, OllyDbg, UPX and other tools could get confused. Here is how to get around these issues.
It's been a busy time in digital forensics and incident response (DFIR). Every summer, for over 20 years, infosec and forensicators and old school hackers have gathered in Las Vegas. A mixture of very deep tech talks, trainings, and technology oriented distractions "flood the zone" in Las Vegas. Close to 15-20,000 people were in Las Vegas this summer for what has now evolved into three separate conferences, all in the same week.
July 27th was the start of Black Hat atCaesars Palace in Las Vegas. The conference kicks off with training in the last weekend of the month, and finishes onWednesday, July 31st and Thursday, August 1st, with lectures and technical demonstrations, called "Black Hat Briefings." This year, in the wake of the NSA/Snowden rowe, NSA Director, General Keith Alexander gave the opening keynote. Black Hat was more corporate than ever, with more sponsor banners, and sponsor-generated talks (disclosed by the organizers, and placed in a separate area, bravo!)...
SANS expanded the Reverse-Engineering Malware course (FOR610) to include a day's worth of capture-the flag malware analysis challenges. The challenges are built upon the NetWars tournament platform and are designed to reinforce the skills learned earlier in the course by experimenting with real-world malware. You can get a sneak peak at the new experience.