Malware Analysis: Tips & Tricks Poster
Uncovering the capabilities of malicious software allows security professionals to respond to
incidents, fortify defenses, and derive threat intelligence. The malware analysis tips and tricks
outlined in this poster act as a starting point and a reminder for the individuals looking to
reverse-engineer and otherwise examine suspicious files such as compiled executables and
potentially malicious documents.
What threat does the malicious or suspicious artifact pose? What do its mechanics reveal
about the adversary’s goals and capabilities? How effective are the company’s security
controls against such infections? What security measures can strengthen the infrastructure
from future attacks of this nature? Malware analysis helps answer such questions critical to
an organization’s ability to handle malware threats and related incidents.
This poster brings together malware analysis resources related to:
- The overall process to examining malicious software in a controlled lab environment
- Using the REMnux® toolkit for analyzing malicious software using Linux-based tools
- Taking a closer look at malicious software by reversing it at the code level
- Analyzing malicious documents, including Microsoft Office and PDF files
This poster has been created as reference for the FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques course by DFIR Instructor, course author & SANS Faculty Fellow Lenny Zeltser
February 7, 2023
