This repository contains tasks and exercises from the Malware Analysis Workshop organized by GDSC Cairo University. It serves as a learning hub for participants to practice malware analysis techniques, apply theoretical knowledge, and refine their skills in handling real-world malicious software.

The Malware Analysis Workshop is designed to provide cybersecurity enthusiasts and aspiring malware analysts with hands-on experience in understanding and dissecting malicious software. Throughout the sessions, participants will explore various malware analysis techniques, reverse engineering methodologies, and the tools required to analyze, detect, and mitigate cyber threats effectively.

This workshop covers both static and dynamic malware analysis, starting from fundamental concepts and progressing toward advanced analysis techniques, including debugging, disassembling, and de-obfuscation. It also focuses on practical exercises, enabling participants to gain confidence in working with real malware samples in a controlled and safe environment.

The workshop is led by Islam Abbas, a cybersecurity expert with extensive experience in malware analysis and reverse engineering.

The workshop follows a structured learning path that gradually builds the participant's skills from basic concepts to advanced malware analysis techniques.
- Understanding the goals and structure of the workshop
- Learning how to study and practice effectively
- Explanation of the tasks and meetings system

- Programming Essentials: Basics of C and Python
- Encryption & Hashing: Understanding encoding, cryptography, and hashing techniques
- CPU Architecture & OS Concepts: Registers, memory management, stack, heap, processes, threads, mutexes, and Windows API
- Networking Fundamentals: OSI model and an introduction to Wireshark

- What is malware?
- Different types of malware and how they function
- Steps of malware analysis

- Understanding virtual machines and why they are essential for malware analysis
- Installing and configuring a safe lab environment
- Introduction to important tools and system settings required for analysis

- What is static analysis, and why is it useful?
- Exploring different static analysis techniques
- Using tools and websites to analyze malware samples
- Understanding Portable Executable (PE) files and how they function
- Introduction to packing & obfuscation techniques used by malware developers
- Methods to de-obfuscate and unpack malware samples

- What is dynamic analysis, and why do we need it?
- Understanding sandbox environments and their role in malware analysis
- Running malware in a controlled environment to observe behavior
- Tracking malware activities, such as process execution, API calls, file system modifications, registry changes, and network activity

- Understanding Assembly language and why it is crucial for malware analysis
- Learning basic assembly instructions for data movement, arithmetic operations, logical operations, and control flow
- Introduction to stack operations and memory manipulation
- How functions are structured in Assembly code
- Understanding calling conventions
- Identifying different control flow structures such as if-else, loops, switch cases, and jump tables
- Working with arrays and structures in Assembly

- Introduction to IDA Pro and its significance in reverse engineering
- How to navigate and analyze code using IDA
- Learning about graph view, function analysis, and control flow visualization
- Automating analysis with IDC & Python scripting
- Installing and utilizing IDA plugins for enhanced functionality
- Practical exercises on analyzing real-world malware samples with IDA

- What is Ghidra, and how does it compare to IDA?
- Understanding Ghidra's decompiler and its role in malware analysis
- Learning how to navigate, disassemble, and analyze binaries with Ghidra
- Using Ghidra scripts and automation to improve efficiency
- Practical exercises on analyzing real-world malware samples with Ghidra

- What are debuggers, and why are they essential for malware analysis?
- Learning how to control execution flow using debuggers
- Step-by-step debugging: Step into, step over, step out, and breakpoints
- Debugging DLL files and Windows executables
- Understanding tracing, patching, and memory manipulation
- Exploring important debugger plugins and their functionalities
- Hands-on exercises with real malware debugging

- Understanding how to document malware analysis findings
- Extracting indicators of compromise (IOCs) from malware samples
- Writing professional malware analysis reports based on real-world cases