6th ICR and ID-SIRTII Research Seminar
MasWin Tools: Malware Analysis Windows Tools
Padma Hotel - Bali
23 September 2015
Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / [email protected]
Android Malware Operating System
M. Lutfi Sahlan (Malware Analyst), Research & Development Dept., Id-SIRTII/CC
M. Ali Syarief (Malware Analyst), Research & Development Dept., Id-SIRTII/CC
Id-SIRTII/CC is Indonesia's National Computer Emergency Response Team.
OUR AIMS
To support a good environment for the Internet infrastructure in the country.
To improve Internet security and encourage legal e-transactions in Indonesia.
Ali Syarief (Malware Analyst), Research & Development Dept., Id-SIRTII/CC
Andre Nurhanggoro (Simulation Lab), Research & Development Dept., Id-SIRTII/CC
OVERVIEW
Malware (MALicious softWARE): software which is designed to infiltrate a computer system without the owner's informed consent.
THE EVOLUTION OF MALWARE
MALWARE CATEGORY (table with columns Category and Description)
Malware Lab Workflow, ID-SIRTII/CC
Why Analyse Malware
Incident Response
Vulnerability
Attack trends and Threat Evaluation
Penetration Test
Computer Forensics
Find New signature
regedit
ATTACK AREA: WINDOWS
Surface Analysis
TrID
CFF Explorer
BinText
Runtime Analysis
Regshot
PE & PM
Wireshark
Static Analysis
OllyDbg
IDA Pro
Surface - Runtime - Static
DEMO VIDEO