
CFI2202 — Malicious Documents and Memory Forensics

3 credits · 3 hours

Hours/Week: Lecture 2, Lab 2

Course Description: This course explores several techniques malware authors commonly employ to protect malicious Windows executables from being analyzed, often with the help of packers. Course topics address bypassing analysis defenses, including structured exception handling (SEH) used to hide execution flow, PE header corruption, fake memory breakpoints, tool detection, integrity checks, and timing controls. The course touches on Web browser malware and on additional tools and approaches for analyzing more complex malicious scripts written in VBScript and JavaScript, and on recognizing common patterns of assembly instructions.

MnTC Goals: None

Upon completion, students will be able to:
- explain the kernel API used by malware authors
- use IDA configuration for programmatic reversing and script writing
- describe common rootkit technologies
- use WinDbg for kernel debugging
- explain PE anti-reversing techniques: de-obfuscating executables for IDA
- explain user-mode obfuscation methods
- demonstrate anti-RE techniques: detecting debuggers, virtual machines, and other tricks
- describe kernel-assisted obfuscation
- describe rootkit process / DLL injection
- explain rootkit process / DLL injection
- reverse-engineer kernel-mode botnet bots
- describe Metasploit's shikata_ga_nai encoder
- utilize Saffron and Ether during malware analysis
- analyze physical memory with Memoryze
- identify common algorithms inside worms
- analyze Virtual Ma

Prerequisites: CFI1065
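The PE header corruption named in the course description is an anti-analysis trick: fields such as e_lfanew, NumberOfSections, SizeOfOptionalHeader and NumberOfRvaAndSizes are set to values that many analysis tools handle differently from the Windows loader, so a parser either crashes or reads the wrong bytes. The following Python is an added example, not material from the course or the catalog: it builds a minimal constructed PE32 skeleton, injects each corruption through keyword arguments, and runs a header sanity check over the result. The limits it relies on (96 sections, 16 data directories, 224-byte PE32 and 240-byte PE32+ optional headers) are the PE format's documented values; the function names and the sample builder are my own construction.

```python
import struct

# Constructed example, not code from the course page: a minimal PE skeleton
# plus a header sanity check that flags deliberate header corruption.

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECTION_HEADER_SIZE = 40
MAX_SECTIONS = 96          # upper bound the Windows loader accepts
MAX_DATA_DIRECTORIES = 16  # IMAGE_NUMBEROF_DIRECTORY_ENTRIES


def check_pe_header(data: bytes) -> list[str]:
    """Return a list of header anomalies; an empty list means the header is sane."""
    if len(data) < 64 or data[:2] != IMAGE_DOS_SIGNATURE:
        return ["no MZ header"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # The 4-byte signature and the 20-byte COFF file header must fit in the file.
    if e_lfanew + 4 + 20 > len(data):
        return [f"e_lfanew=0x{e_lfanew:x} points past end of file"]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return ["PE signature missing at e_lfanew"]

    findings = []
    coff = e_lfanew + 4
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff
    )
    if nsec == 0 or nsec > MAX_SECTIONS:
        findings.append(f"suspicious NumberOfSections={nsec}")

    opt = coff + 20
    if opt_size < 2 or opt + opt_size > len(data):
        findings.append(f"SizeOfOptionalHeader={opt_size} is unusable")
        return findings
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_count_off, full_size = 92, 224
    elif magic == PE32PLUS_MAGIC:
        dd_count_off, full_size = 108, 240
    else:
        findings.append(f"unknown optional header magic 0x{magic:x}")
        return findings
    if opt_size < full_size:
        # Parsers that trust this field place the section table at the wrong
        # offset; tools that hard-code 224/240 disagree with them.
        findings.append(f"SizeOfOptionalHeader={opt_size} truncates the optional header")
    if opt_size >= dd_count_off + 4:
        n_rva = struct.unpack_from("<I", data, opt + dd_count_off)[0]
        if n_rva > MAX_DATA_DIRECTORIES:
            findings.append(f"NumberOfRvaAndSizes={n_rva} exceeds {MAX_DATA_DIRECTORIES}")

    section_table = opt + opt_size
    if section_table + nsec * SECTION_HEADER_SIZE > len(data):
        findings.append("section table extends past end of file")
    return findings


def build_sample_pe(*, e_lfanew=0x40, nsec=1, opt_size=224, n_rva=16) -> bytes:
    """Build a constructed PE32 skeleton; keyword arguments inject header corruption."""
    dos = bytearray(64)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, opt size, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(224)                      # physically always a full PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, n_rva)    # NumberOfRvaAndSizes lives at offset 92 in PE32
    section = bytes(SECTION_HEADER_SIZE)      # one zeroed section header
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + section


if __name__ == "__main__":
    variants = {
        "clean": build_sample_pe(),
        "e_lfanew out of file": build_sample_pe(e_lfanew=0x10000),
        "zero sections": build_sample_pe(nsec=0),
        "shrunken optional header": build_sample_pe(opt_size=16),
        "huge directory count": build_sample_pe(n_rva=0xFFFFFFFF),
    }
    for name, blob in variants.items():
        print(f"{name}: {check_pe_header(blob) or 'OK'}")
```

The check deliberately stops after the first fatal anomaly (bad e_lfanew, missing signature, unusable SizeOfOptionalHeader) because every later field would be read from garbage; non-fatal findings accumulate so that a sample corrupted in several places reports all of them.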
