A Window into Malware? The New Malware Reverse Engineering Handbook from CCDCOE

According to Wikipedia, malware analysis is the study or process of determining the functionality, origin, and potential impact of a given malware sample. In this new handbook from the NATO Cooperative Cyber Defence Centre of Excellence, the authors share concise insight and general techniques for analyzing the most common malware types for the Windows OS.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: CCDCOE Malware Reverse Engineering Handbook

Information - 95%
Insight - 95%
Relevance - 95%
Objectivity - 100%
Authority - 100%

97%

Excellent

A short percentage-based assessment of the qualitative benefit of the recent post sharing the CCDCOE Handbook on Malware Reverse Engineering.

Editor’s Note: Published as an independent research paper from the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, this new handbook on malware reverse engineering provides important insight into how to analyze malware executables that are targeting the Windows platform.

Authored by Ahmet Balci, Dan Ungureanu, and Jaromir Vondruska from the CCDCOE, this handbook can be considered a solid first step in the investigation of malware and beneficial as a reference for data discovery and legal discovery professionals dealing with the expanding and costly threat of malware.

Taken from the NATO Cooperative Cyber Defence Centre of Excellence

Malware Reverse Engineering Handbook

Handbook Abstract

Malware is a growing threat that causes a considerable cost to individuals, companies, and institutions. Since basic signature-based antivirus defenses are not very useful against recently emerged malware threats or APT attacks, it is essential for an investigator to have the fundamental skill set in order to analyze and mitigate these threats. While specific measures need to be taken for particular cases, this handbook gives an overview of how to analyze malware samples in a closed environment by reverse engineering using static or dynamic malware analysis techniques. The information in this handbook focuses on reverse-engineering fundamentals from the malware perspective, without irrelevant details. Some simple steps and definitions are, therefore, omitted to retain the focus. Resources mentioned in this handbook can be accessed with a simple internet search.

There is no novel work presented in this handbook, as it can be considered as the first steps in investigating malware. The reader will become familiar with the most common open-source toolkits used by investigators around the world when analyzing malware. Notes and best practices are also included. By applying the techniques and tools presented here, an analyst can build Yara rules that can help during the investigation to identify other threats or victims.


Review the Complete Handbook (PDF)

Malware Reverse Engineering Handbook -CCDCOE

Read the original handbook from the CCDCOE


Additional Reading

Source: ComplexDiscovery

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.



Check Out the Observations Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

Sharing is Caring? ayfie Group Lists on Merkur Market of Oslo Stock Exchange

According to Johannes Stiehler, CEO of ayfie Group, in a July...

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

Missing Something? Topic Modeling in eDiscovery

The basic idea behind topic modeling, according to eDiscovery expert and...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

A Change in Tempo? eDiscovery Operational Metrics in the Summer of 2020

In the summer of 2020, 91 eDiscovery Business Confidence Survey participants...

Shifting Gears? eDiscovery Business Confidence Survey Results – Summer 2020

This is the nineteenth quarterly eDiscovery Business Confidence Survey conducted by...

Sharing is Caring? ayfie Group Lists on Merkur Market of Oslo Stock Exchange

According to Johannes Stiehler, CEO of ayfie Group, in a July...

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Mitratech Acquires Tracker Corp

The acquisition supports Mitratech’s mission to provide legal and compliance solutions...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...