Malware Analysis: Tips & Tricks Poster

Uncovering the capabilities of malicious software allows security professionals to respond to incidents, fortify defenses, and derive threat intelligence. The malware analysis tips and tricks outlined in this poster act as a starting point and a reminder for individuals looking to reverse-engineer and otherwise examine suspicious files such as compiled executables and potentially malicious documents. What threat does the malicious or suspicious artifact pose? What do its mechanics reveal about the adversary's goals and capabilities? How effective are the company's security controls against such infections? What security measures can strengthen the infrastructure against future attacks of this nature? Malware analysis helps answer such questions, which are critical to an organization's ability to handle malware threats and related incidents.

This poster brings together malware analysis resources related to:

  • The overall process for examining malicious software in a controlled lab environment
  • Using the REMnux® toolkit to analyze malicious software with Linux-based tools
  • Taking a closer look at malicious software by reversing it at the code level
  • Analyzing malicious documents, including Microsoft Office and PDF files

This poster has been created as a reference for the FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques course by DFIR instructor, course author, and SANS Faculty Fellow Lenny Zeltser.

February 7, 2023