1
00:00:07,180 --> 00:00:13,900
The most common use for reverse engineering is in targeting malware. Like any other software, malware

2
00:00:13,900 --> 00:00:15,730
has its installation process.

3
00:00:16,120 --> 00:00:20,620
The difference is that it doesn't ask for permission to install.

4
00:00:21,970 --> 00:00:27,850
Malware does not even install in the Program Files folder where other legitimate applications

5
00:00:27,850 --> 00:00:28,540
are installed.

6
00:00:29,650 --> 00:00:33,730
Rather, it tends to install its malware file in folders

7
00:00:33,740 --> 00:00:39,460
that are not commonly entered by the user, making it hidden from being noticed.

8
00:00:41,390 --> 00:00:49,580
However, some malware shows up and generates copies of itself in almost all noticeable folders such as the

9
00:00:50,060 --> 00:00:50,600
desktop.

10
00:00:51,550 --> 00:00:58,960
Its purpose is to get its copies executed by users, be it by accidental double-click or by

11
00:00:58,960 --> 00:00:59,740
curiosity.

12
00:01:00,130 --> 00:01:02,470
This is what we usually call malware

13
00:01:02,470 --> 00:01:09,770
persistence. Persistence is when the malware consistently runs in the background. In this section,

14
00:01:09,790 --> 00:01:15,370
we will be pointing out general techniques used by malware to become persistent.

15
00:01:15,940 --> 00:01:21,070
We will also explain common locations where malware files are stored.

16
00:01:22,170 --> 00:01:28,740
Major behaviors of malware and some tools that are capable of identifying how malware installs itself in

17
00:01:28,740 --> 00:01:30,540
the system will also be shown.

18
00:01:30,930 --> 00:01:38,100
Understanding how malware is delivered will definitely help a reverse engineer explain how the attacker

19
00:01:38,100 --> 00:01:39,890
was able to compromise the system.

20
00:01:42,450 --> 00:01:49,410
Current malware detection methods. Currently, the most used methods for malware detection are anti-malware

21
00:01:49,410 --> 00:01:57,090
signatures, heuristic analysis and runtime behavioral audits. An anti-malware signature, or commonly

22
00:01:57,090 --> 00:02:04,230
called signature or definition, is an algorithm or hash that is used to uniquely identify malware.

23
00:02:04,560 --> 00:02:11,370
Signatures are representations of either complete files or pieces of code that have already been discovered

24
00:02:11,370 --> 00:02:12,120
as malicious.

25
00:02:13,120 --> 00:02:18,910
This is the most commonly used way to identify and take action against malware today.

26
00:02:20,070 --> 00:02:26,790
Heuristic analysis is the process of analyzing how the code is written and determining if it is

27
00:02:26,790 --> 00:02:31,800
malicious or not based on assumption of the code's intended purpose.

28
00:02:32,700 --> 00:02:39,400
Heuristic takes commonly known indicators into account to land the final conclusion.

29
00:02:39,900 --> 00:02:46,350
This approach can, however, lead to many false positives, which is why heuristic analysis is almost

30
00:02:46,350 --> 00:02:50,270
always used in combination with another method of identification.

31
00:02:52,380 --> 00:02:58,950
Behavioral runtime audits of malware consist of executing code and observing its interaction with the

32
00:02:58,950 --> 00:03:03,420
computer or server at runtime in order to fully understand the code's intent.

33
00:03:04,140 --> 00:03:09,270
These audits are usually performed by a person with a virtual or sandbox environment.

34
00:03:09,720 --> 00:03:15,270
These environments shield the person performing the audit from any potential harm the malware may cause

35
00:03:15,270 --> 00:03:19,200
by allowing them to see the effects of the code being run.

36
00:03:19,920 --> 00:03:25,380
These detection methods are tried and true approaches to discovering and classifying malware.

37
00:03:26,040 --> 00:03:33,540
Each of these methods is used in combination to understand newly discovered malware and pinpoint attack

38
00:03:33,840 --> 00:03:42,060
that will give security professionals are then able to devise the best ways to protect against these

39
00:03:42,060 --> 00:03:42,720
attacks.