Location

https://ccse.kennesaw.edu/computing-showcase/cday-programs/spring2021program.php

Streaming Media

Event Website

https://studentweb.kennesaw.edu/~wpharr/

Website will be hosted on GitHub as well.

Document Type

Event

Start Date

26-4-2021 5:00 PM

Description

Cybercrimes are a billion-dollar industry that is rapidly growing by the day. One of the biggest threats faced by companies is infection by malware. New forms of malware are created daily and are ever-evolving to evade detection methods. Understanding how malware infects your system and how it eludes detection is crucial to keeping a company's network and devices safe. During this project we will be using reverse engineering methods to better understand the functionality of malware, as well as how it eludes detection. We will be using IDA Pro and WinDbg to perform the reverse engineering. Using this knowledge, we will create a set of security standards to help companies protect themselves from these infections. We will also create a document on how to secure a virtual machine for malware analysis. This will help future students who are also interested in analyzing malware themselves. Our preliminary results include understanding some of the most used forms of malware evasion techniques. These techniques include stalling delays, which is when a piece of malware remains idle to defeat time-based antivirus scans. Another technique is action-required delays, which is when a piece of malware will only execute once an action or group of actions is performed; this will trigger the malware to execute. Another way that malware is able to evade detection is fragmentation. In this technique the malware will split into multiple different fragments, which alone do not raise flags as suspicious, then rejoin and execute.

Advisor(s)

Dr. Hossain Shahriar

Topic(s)

Security

IT 4983

UC-30 Malware Analysis Using Reverse Engineering

https://digitalcommons.kennesaw.edu/cday/spring/undergraduatecapstone/10