Location

https://ccse.kennesaw.edu/computing-showcase/cday-programs/spring2021program.php

Event Website

https://sites.google.com/view/it4983-malware-analysis

Document Type

Event

Start Date

26-4-2021 5:00 PM

Description

The motivation for this project is driven by an evaluation of the different tools on the market that allow for breaking down executables or binary files and understanding what the malware is doing. By reverse-engineering the malware, we can understand its impact and how to protect against it. Our focus is to understand where different tools are stronger than others, as well as to understand the evolving landscape of malware and security overall. For this capstone project, we utilized two different tools and many sample malware files. The methods used to debug the malware are detailed in our milestone two report and will be expanded upon in our final presentation. At this point, we've found the tool WinDbg to be the most versatile for binary and executable debugging. We also evaluated IDA Pro and understand the many ways in which its graphical display of data and relationships equips a researcher with the necessary tools and information to walk through an executable. Our focus in milestone 3 is to expand our documentation and guide on malware debugging to the point that it provides a user the full breadth of information and steps needed to start from scratch and end with a broken-apart piece of malware. We provided much of this as part of the milestone 2 presentation and report, but we will continue to build on it so it's a useful how-to guide for anyone trying to debug a piece of malicious code.

Advisor(s)

Dr. Ying Xie, yxie2@kennesaw.edu

Topic(s)

Security

Course

IT 4983


UC-15 Malware Analysis Using Reverse Engineering

https://digitalcommons.kennesaw.edu/cday/spring/undergraduatecapstone/4