6th ICR and ID-SIRTII Research Seminar MasWin Tools Malware Analysis Windows Tools Padma Hotel -...
6th ICR and ID-SIRTII Research Seminar
MasWin Tools
Malware Analysis Windows Tools
Padma Hotel - Bali
23 September 2015
Ravindo Tower 17th floor, Kebon Sirih No. 75, Central Jakarta 10340 - Indonesia
P: +62 21 3192 5551 / [email protected]
Android Malware Operating System
M. Lutfi Sahlan (Malware Analyst)
Research & Development Dept., Id-SIRTII/CC
M. Ali Syarief (Malware Analyst)
Research & Development Dept., Id-SIRTII/CC
Id-SIRTII/CC is Indonesia's National Computer Emergency Response Team
OUR AIMS
To support a good environment on Internet infrastructure in the country
To improve Internet security and encourage legal e-transactions in Indonesia.
Ali Syarief (Malware Analyst)
Research & Development Dept., Id-SIRTII/CC
Andre Nurhanggoro (Simulation Lab)
Research & Development Dept., Id-SIRTII/CC
OVERVIEW
Malware
MALicious softWARE
Software designed to infiltrate a computer system without the owner’s informed consent
THE EVOLUTION OF MALWARE
MALWARE CATEGORY
Category | Description
Ravindo Tower 17th floor, Kebon Sirih No. 75, Central Jakarta 10340 - Indonesia
P: +62 21 3192 5551 / [email protected] / www.idsirtii.or.id
Workflow Lab Malware ID-SIRTII/CC
Why Analyze Malware
Incident Response
Vulnerability
Attack Trends and Threat Evaluation
Penetration Test
Computer Forensics
Find New Signature
ATTACK AREA WINDOWS
regedit
Surface Analysis
TrID
CFF Explorer
BinText
Runtime Analysis
Regshot
PE & PM
Wireshark
Static Analysis
OllyDbg
IDA Pro
Surface - Runtime - Static
DEMO VIDEO