
Malware analysis

  • 30-12-2015 5:29pm
    #1
    Registered Users, Registered Users 2 Posts: 882 ✭✭✭


    Anyone working in this area?


Comments

  • Posts: 0 [Deleted User]


    What do you want to know?


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    What's the best way to go about getting a job in this field?

    I currently work as onsite support for a large pharma company.
    I got into IT 2 years ago by studying at home for the CCNA, which got me an internship.

    At the moment I'm going through a book called practical malware analysis and following the exercises.
    Skills-wise I'm learning x86 assembler (nasm) and stepping through the code using the WinDbg debugger.
    Thank you.


  • Posts: 0 [Deleted User]


    Sounds like you're on the right track, and if learning assembly hasn't scared you away yet then that's a good sign! :)

    What I've heard is Symantec have a very good system for taking new recruits and teaching them RE/Malware Analysis. The best guy in our office for RE came from Symantec. If you're looking to focus on Malware Analysis, especially at an entry level position, I'd say a great move would be to join their team for a couple of years. I've never worked there so I'm not talking from personal experience; hopefully somebody else on here could elaborate?

    The company I work for focuses on Incident Response, so as an Analyst my role is fairly open and involves doing whatever is required to write the attacker's story. This includes Malware analysis, but I don't do RE personally. If we need an in-depth analysis of a sample then we send it to our Reversing team, called FLARE. From what I've seen they hire people at all levels, sometimes straight from college, but I think it's rare.

    The guy who heads up our FLARE team wrote the book you're currently reading, so you're definitely not wasting your time. You'll find in later chapters that there is a certain level of assembly knowledge which is assumed and can make some of the exercises difficult. For learning x86 I've been recommended opensecuritytraining.info, but I have yet to do any of the courses.

    The other route you could take would be to move into a more general IT Security role and then work into a Malware Analysis role, which might be a better option for you. The downside being it's going to take longer to get where you want to be.

    There's no harm reaching out to a company you want to work for and expressing an interest. They'll be able to explain better than me what the requirements are, but for anything in this industry having an interest is a huge factor.

    Best of luck with it!


  • Registered Users, Registered Users 2 Posts: 568 ✭✭✭Joe Exotic


    If you want to really turn heads at the interview stage, start a blog on malware analysis. Get samples of malware and do an analysis of them.

    To get experience sign up to www.crackmes.de. It has loads of small programs such as keygens (written by members, usually as challenges) and you have to reverse engineer them to get the password, or whatever. It's great experience. This site has programs for all ranges of expertise, plus it has solutions!!!

    I tried this route but found I was just not able for the assembly :(

    So do all that and write your blog up with how you get on. This will show an interest and you can show your progression.

    When you can do the crackmes.de programs, get an actual sample of malware, run it on a virtual machine and then reverse engineer it. You could run it through a sandbox first (Cuckoo maybe) to show what you should be expecting.

    My lecturer on malware analysis in college was the one who suggested this to me. He is a senior researcher in the field of malware analysis (he lectures part time and works in one of the major AV companies).

    Remember that malware analysis and reverse engineering is almost a calling because of the Assembly. You need to love it to be good at it; for this reason a lot of major companies will be happier with someone who can show this love rather than someone with just certifications.

    My lecturer told me the best guy on his team had no qualifications but had a blog like I described above, which they logged into during the interview!!!

    Sorry for the long post and good luck with it!!!


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    murphk wrote: »
    If you want to really turn heads at the interview stage, start a blog on malware analysis. Get samples of malware and do an analysis of them.

    To get experience sign up to www.crackmes.de. It has loads of small programs such as keygens (written by members, usually as challenges) and you have to reverse engineer them to get the password, or whatever. It's great experience. This site has programs for all ranges of expertise, plus it has solutions!!!

    I tried this route but found I was just not able for the assembly :(

    So do all that and write your blog up with how you get on. This will show an interest and you can show your progression.

    When you can do the crackmes.de programs, get an actual sample of malware, run it on a virtual machine and then reverse engineer it. You could run it through a sandbox first (Cuckoo maybe) to show what you should be expecting.

    My lecturer on malware analysis in college was the one who suggested this to me. He is a senior researcher in the field of malware analysis (he lectures part time and works in one of the major AV companies).

    Remember that malware analysis and reverse engineering is almost a calling because of the Assembly. You need to love it to be good at it; for this reason a lot of major companies will be happier with someone who can show this love rather than someone with just certifications.

    My lecturer told me the best guy on his team had no qualifications but had a blog like I described above, which they logged into during the interview!!!

    Sorry for the long post and good luck with it!!!

    That is excellent advice, and I would echo the sentiments on having to love Assembly to be up for it.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    murphk wrote: »
    To get experience sign up to www.crackmes.de. It has loads of small programs such as keygens (written by members, usually as challenges) and you have to reverse engineer them to get the password, or whatever. It's great experience. This site has programs for all ranges of expertise, plus it has solutions!!!

    Now that is a blast from the past. Forgot that site still existed. I threw up some very basic challenges on that site before, if interested: http://www.crackmes.de/~damo2k/

