HITCON GIRLS 成大講座 惡意程式分析(Turkey)

Preview:

Click to see full reader

Citation preview

mailto:turkey.li@hitcon.org

HITCON Pacific

HITCON Community

HITCON GIRLS

HITCON Training

HITCON CTF

HITCON ZeroDay

HITCON Knowledge BaseHITCON FreeTalk

烏雲

https://zeroday.hitcon.org/
http://kb.hitcon.org/

惡意程式分析介紹

惡意程式分析⽅式

線上檢測

⼿動分析

https://www.virustotal.com

https://www.virustotal.com

https://fireeye.ijinshan.com/

常 用 工 具 介 紹

觀察 Process ⾏為:

Microsoft Process Explorer

觀察網路⾏為:

TCPView

觀察啟動項:

AutoRuns

Wireshark

!

ProcessExplorer

下⾴看放⼤圖..

ProcessExplorer

!

TCPView

但 TCPView 無法看歷史連線紀錄,當連線⼀斷,即消失

!

Wireshark

Wireshark

http://intweb.mxxxork.xxx

!

http://intweb.mxxxork.xxx

Autoruns

http://intweb.mxxxork.xxx

分析過程很靠經驗

時間很長, 需要靠經驗讓分析時間越來越短

http://goo.gl/TQF088

看雪学院-pediy.com

http://www.pediy.com/
https://www.youtube.com/watch?v=6WEj_MjYU_Q

備份

勒索軟體預防

感謝聆聽

mailto:turkey.li@hitcon.org

Recommended

HitCon'14: On the Feasibility of Automatically Generating Android Component Hijacking Exploits
Internet
Windows Kernel Shellcode Exploit - HITCON
Documents
Let’s Play Hide and Seek In the Cloud - HITCON · 2015-09-01 · HITCON 2015 Let’s Play Hide and Seek in the Cloud Belinda •Belinda Lai •Security Engineer in III •Malware
Documents
Poetry-2014-08-24 - CBCWLAcbcwla.org/media/ch/SundaySchool/2014/Poetry-2014-08-24.pdf · • 即便是惡的美,也對我有害,我不與惡同,更不與他們同 :「求你不叫我的偏向邪惡,以致我和作孽的同惡事。」
Documents
Exploitation Of Windows .NET Framework - HITCON
Documents
HITCON TALK 技術解析 SWIFT Network 攻擊
Technology
MIFARE Classic: Completely Broken - HITCON
Documents
HITCON TALK 台灣駭客協會年度活動簡介
Technology
HITCON CTF 導覽
Technology
REMOTE ATTACKS ON VEHICLES BY EXPLOITING VULNERABLE TELEMATICS Conf/Hitcon/Hitcon-2016/12… · REMOTE ATTACKS ON VEHICLES BY EXPLOITING VULNERABLE TELEMATICS Dawei Lyu, Lei Xue,
Documents
認識信仰 - 人性和罪惡
Documents
Harden your program the hard way - HITCON · 2017-08-29 · Harden your program the hard way by Jhe & Eddy@HITCON-CMT. Who am I ? Jhe co-founder of UCCU ... Harden your program after
Documents
How I Hacked Facebook Again! - HITCON 2020 I Hacked Facebook...How I Hacked facebook Again! by Orange Tsai Orange Tsai •Principal security researcher at DEVCORE •Captain of HITCON
Documents
HITCON GIRLS: Android 滲透測試介紹 (Elven Liu)
Technology
HITCON TALK 產業視野下的 InfoSec
Technology
HITCON X Playground - CRAX
Engineering
うお座 やぎ座 さそり座 おとめ座 かに座 おうし座...OLEUD 2102 みずがめ座 DTXDULXV 12121 いて座 VDJLWDULXV 1121221 おうし座 WD\UXV 21521 かに座 FDQFHU
Documents
Hitcon 2014: Surviving in tough Russian Environment
Technology
HITCON GIRLS 成大講座 密碼學(阿毛)
Education
HITCON GIRLS Malware Analysis
Technology