Embed Size (px)
Citation preview
6th ICR and ID-SIRTII Research Seminar
MasWin ToolsMalware Analysis Windows
ToolsPadma Hotel - Bali
23 September 2015
Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / [email protected]
Android Malware Operating System
M. Lutfi Sahlan (Malware
Analyst)Research & Development
Dept.Id-SIRTII/CC
M. Ali Syarief (Malware Analyst)Research &
Development Dept.Id-SIRTII/CC
Id-SIRTII/CC is Indonesia National Computer Emergency Response Team
OUR AIMS To support a good environment on Internet infrastructure in the
country
To improve Internet security and encourage legal e-transactions in Indonesia.
Ali Syarief(Malware Analyst)Research & Development
Dept.Id-SIRTII/CC
Andre Nurhanggoro ( Simulation Lab )
Research & Development Dept.Id-SIRTII/CC
OVERVIEW
A software which is designed to infiltrate a computer system
without the owner’s informed consent
Malware
MALicious softWARE
Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / [email protected]
THE EVOLUTION OF MALWARE
Category DESCRIPTION
MALWARE CATEGORY
Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / [email protected] / www.idsirtii.or.id
Workflow Lab Malware ID-SIRTII/CC
Why Analysis MalwareIncident Response
Vulnerability
Attack trends and Threat Evaluation
Penetration Test
Computer Forensics
Find New signature
regedit
ATTACK AREAWINDOWS
Surface AnalysisTrIDCFF ExplorerBinText
Runtime AnalysisRegshotPE & PM
Wireshark
Static AnalysisOllyDbg
IDA Pro
Runtime AnalysisRegshotPE & PM
Wireshark
Surface - RUNTIME- Static
DEMOVIDEO
