Location
https://ccse.kennesaw.edu/computing-showcase/cday-programs/spring2021program.php
Event Website
https://sites.google.com/view/it4983-malware-analysis
Document Type
Event
Start Date
26-4-2021 5:00 PM
Description
The motivation for this project is driven by evaluation of the different tools on the market that allow for breaking down executables or binary files and understanding what the malware is doing. By reverse-engineering the malware, we can understand its impact and how to protect against it. Our focus is to understand where different tools are stronger than others, as well as to understand the evolving landscape of malware and security overall. For this capstone project, we utilized two different tools and many sample malware files. The methods used to debug the malware are detailed in our milestone two report and will be expanded upon in our final presentation. At this point, we've found the tool WinDbg to be the most versatile for binary and executable debugging. We also evaluated IDA Pro, and understand the many ways in which its graphical display of data and relationships equips a researcher with the necessary tools and information to walk through an executable. Our focus in milestone 3 is to expand our documentation and guide on malware debugging to the point that it provides a user the full breadth of information and steps needed to start from scratch and end with a broken-apart piece of malware. We provided much of this as part of the milestone 2 presentation and report, but we will continue to build on it so it's a useful how-to guide for anyone trying to debug a piece of malicious code.
Advisor(s)
Dr. Ying Xie yxie2@kennesaw.edu
Topic(s)
Security
Course
IT 4983
Included in
UC-15 Malware Analysis Using Reverse Engineering
https://digitalcommons.kennesaw.edu/cday/spring/undergraduatecapstone/4