Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

The State of Malware Analysis: Advice from the Trenches

Authored byLenny Zeltser
Lenny Zeltser

malware-analysis-panel_01.jpg

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file–offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute:

  • Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler (Panelist)
  • Evan Dygert: Senior Security Engineer for Blue Cross Blue Shield Association (Panelist)
  • Anuj Soni: Senior Threat Researcher at Cylance (Panelist)
  • Jake Williams: Principal Consultant and Founder at Rendition InfoSec (Panelist)
  • Lenny Zeltser: CISO at Axonius and Maintainer of the REMnux distro (Moderator)

To listen to the discussion, download the MP3 audio file.

We covered the following questions. Here’s where you can find each of them in the recording, in case you’d like to jump to a specific topic:

  • Which malware family or sample do you consider representative of or pivotal to a particular time period? (1:05)
  • How has your approach to examining malware changed over the years? (7:17)
  • What role do automated sandboxes play in the analysis process? (14:30)
  • What are your go-to tools for code-level analysis? (20:15)
  • Which malware analysis tools are useful for people who are just getting started with this type of work? (27:21)
  • What advice do you have for analyzing malware that’s not a standard compiled Windows executable? (34:55)
  • How often do you see malware that uses a technique you consider innovative? (39:01)
  • Is endpoint security software becoming more effective at detecting malware? How are malware authors evading detection? (41:30)
  • What aspects of malware analysis have become easier? What’s getting harder? (46:06)
  • What are the career paths for the individuals who analyze malware for a living? (53:52)

Many thanks to Jim, Evan, Anuj, and Jake for sharing their insights during this panel discussion, which I had the privilege of moderating. If you’d like to strengthen your malware analysis skills, take a look at the FO610 course we teach at SANS Institute.

-- Lenny Zeltser

Lenny Zeltser is a Faculty Fellow at SANS Institute. He is active on TwitterThis post originally appeared on Lenny Zeltser's blog.

Meet the expert

Lenny Zeltser
Lenny Zeltser

Lenny Zeltser

Fellow

Lenny Zeltser, CISO at Axonius, is a leader in developing resilient security programs. His invaluable tools, like REMnux, a widely used Linux distribution for malware analysis, have become industry standards in combating malicious software.

Read more about Lenny Zeltser
The State of Malware Analysis: Advice from the Trenches | SANS Institute