What is required to work in Malware Analysts Jobs ?
Continuing CyberTalents webinar series “What is required to work in cyber security jobs”, our second webinar “ What is required to work in Malware Analysts Jobs”had great success. When it comes to malware analysis, one of the best talents that can talk about it is “ Eng. Amr Thabet”, reverse engineer at tenable and former malware researcher in Symantec. Amr shared with us his experience, career path and career advice in the malware analysis jobs. The webinar wasn’t only useful for those who want to start their career path in malware analyst jobs but also who have been working in the field and want to boost their skills.
Before going deep, Let’s start with definitions: What does malware analysis mean?
“It is one of the most important science in cybersecurity field.Malware analysis is the science of on reverse engineering or analyzing different malware types like viruses, worms, trojan or others trying to understand the impact of the malware, read the binaries, encryption techniques, know the attackers’ intentions, what can happen if this malware run on an infected machine, its communications with different websites, compilation time, stolen data and even more.”said Amr
What is the exact role of a Malware analyst?
Malware analyst has a vital role in incident handling , as he can answer questions that any security engineer can’t answer from the logs which are:
1- Who is behind this attack?
2- How he penetrated our systems?
3- What’s the attack vector?
4- Can it spread through the network?
5- How much control does this malware give?
6- How much data is exfiltrated?
The malware analyst as well plays a vital role in stopping national attacks such as ransomwares, banking trojans and taking down cyber criminals networks.
Where can you work as a malware analyst?
Eng. Amr thabet mentioned three places where a you can find malware analysts jobs:
Antivirus companies like symantec, kaspersky, Trend Micro and others.
CERTs (Computer Emergency Response Team) whether in a government cert like US-CERT, Uk-CERT, Oman-CERT, Q-CERT or in a private CERT in big enterprises like google, facebook, Microsoft who has their own CERTs
Companies who provide incident handling services like Mandiant for example
What skills do you need to have to join malware analysts jobs?
“As threat intelligence jobs, working in malware analysts jobs requires a set of skills in different cybersecurity fields. You don’t have to gain advanced skills in all of them but at least you should be an expert in one or two of the below topics” said Amr. some of those skills are:
Network Security: you need to understand network protocols ( TCP, UDP, DNS, HTTP, HTTPs), how to analyse pcap files, how to use tools like wireshark and network monitor, learn more about domains, whois data,..etc.
Digital Forensics: you need to understand basic memory forensics, files modified, learn some tools like volatility & Memoryze is also so beneficial.
Malware analysis : you need to learn assembly language especially understanding code, learn how to use tools for static analysis like IDA Pro, dynamic analysis tools like ( ollydbg, windbg, gdp,..etc) and also behaviour analysis which is monitoring the behaviour the malware, the file it create, port communications and others through tools like Cuckoo and sysinternals
Encryption Techniques : Most malware are encrypted, so you need to understand different encryption algorithms and how to decrypt it.
Operating system internals: you need to understand stuff like windows internals, processes, threads, APIs, kernel, DLLs, EXE & PE headers and so on.
General Knowledge: understanding different attack vector knowledge like what is meant by exploits, shellcodes, rop and how it is used, know more about web attacks and OWASP Top 10. You can know more about the web attacks What is required to work in web pen testing jobs ? webinar. In addition to arab regional cyber security ctf
Important Resources:
There are expensive options like :
SANS 660 (Giac Reverse Engineering Malware)
If you would like to have some free knowledge then you will like to have a look on the below:
For Assembly
Assembly Course (Video Training)
Assembly tutorials (very easy to follow)
For Reverse Engineering
The Secrets Of Reverse Engineering” by Eldad Elmam This is Free Reverse Engineering Book (1078 pages)
CyberTalents has some nice challenges in malware analysis and reverse engineering.
For Malware Analysis
“Practical Malware Analysis” book
Published Reports: https://github.com/kbandla/APTnotes
“Reverse Engineering Malware” by Amanda Rousseau https://securedorg.github.io/RE101/ https://securedorg.github.io/RE102/
Malware Samples Database: https://virusshare.com/ http://malwr.com (if the sample is shared)
Windows (or any OS) Internals
“Identifying Malicious Code Through Reverse Engineering” book
“Windows Internals” by David A. Solomon. This is a reference more than a book
PE Header (EXE File) Tutorials
For Exploitation
For Programming
Python for Pentesters and Hackers: The training is by the founder of securitytube.net. It is not free but a cheap option (39$ for videos only)
For Web Attacks
OWASP Top 10
“Web Application Hacker's Handbook”
CyberTalents web challenges is also good for practice
Finally, although the number of other cyber security jobs like penetration testing jobs are more than malware analysis jobs in general but the number of professionals working as malware analysts are less than the jobs. It is a supply and demand issue where the supply is much less than demand in malware analysts jobs.