Continuing the CyberTalents webinar series “What is required to work in cybersecurity jobs”, our second webinar, “What is required to work in Malware Analyst Jobs”, was a great success. When it comes to malware analysis, one of the best talents to talk about it is Eng. Amr Thabet, a reverse engineer at Tenable and a former malware researcher at Symantec. Amr shared with us his experience, career path and career advice for malware analyst jobs. The webinar was useful not only for those who want to start their career in malware analyst jobs but also for those already working in the field who want to boost their skills.
Before going deep, let’s start with a definition. What does malware analysis mean?
“It is one of the most important sciences in the cybersecurity field. Malware analysis is the science of reverse engineering or analyzing different malware types like viruses, worms, trojans or others, trying to understand the impact of the malware, read the binaries, understand encryption techniques, know the attackers’ intentions, what can happen if this malware runs on an infected machine, its communication channels with different websites, compilation time, stolen data and even more,” said Amr.
What is the exact role of a malware analyst?
A malware analyst has a vital role in incident handling, as they can answer questions that other security engineers can’t, such as:
- Who is behind this attack?
- How did they penetrate our systems?
- What’s the attack vector?
- Can it spread through the network?
- How much control does this malware give?
- How much data is exfiltrated?
The malware analyst also plays a vital role in stopping national-scale attacks such as ransomware and banking trojans, and in taking down cybercriminal networks.
Where can you work as a malware analyst?
Eng. Amr Thabet mentioned three places where you can find malware analyst jobs:
- Antivirus companies like Symantec, Kaspersky, Trend Micro and others.
- CERTs (Computer Emergency Response Teams), whether a government CERT like US-CERT, UK-CERT, Oman-CERT or Q-CERT, or a private CERT in big enterprises like Google, Facebook and Microsoft, which have their own CERTs.
- Companies that provide incident handling services, such as Mandiant.
What skills do you need to have to join malware analyst jobs?
“As with threat intelligence jobs, working in malware analyst jobs requires a set of skills in different cybersecurity fields. You don’t have to gain advanced skills in all of them, but at least you should be an expert in one or two of the below topics,” said Amr. Some of those skills are:
- Network Security: you need to understand network protocols (TCP, UDP, DNS, HTTP, HTTPS), how to analyze pcap files, how to use tools like Wireshark and Network Monitor, and learn more about domains, WHOIS data, etc.
- Digital Forensics: you need to understand basic memory forensics and how to identify modified files; learning tools like Volatility and Memoryze is also very beneficial.
- Malware Analysis: you need to learn assembly language, especially reading and understanding code; learn how to use static analysis tools like IDA Pro and dynamic analysis tools (OllyDbg, WinDbg, gdb, etc.); and also behaviour analysis, which is monitoring the malware’s behaviour (the files it creates, port communications and so on) through tools like Cuckoo and Sysinternals.
- Encryption Techniques: most malware is encrypted, so you need to understand different encryption algorithms and how to decrypt them.
- Operating System Internals: you need to understand things like Windows internals, processes, threads, APIs, the kernel, DLLs, EXE and PE headers, and so on.
- General Knowledge: understanding different attack vectors, such as what is meant by exploits, shellcode and ROP and how they are used, and knowing more about web attacks and the OWASP Top 10. You can learn more about web attacks in the “What is required to work in web pen testing jobs?” webinar.
To learn these skills, there are paid (and expensive) options like:
- SANS 660 (GIAC Reverse Engineering Malware)
- eLearnSecurity
If you would like some free resources, have a look at the list below:
For Reverse Engineering
- “Reversing: Secrets of Reverse Engineering” by Eldad Eilam. This is a free reverse engineering book (1078 pages).
- CyberTalents has some nice challenges in malware analysis and reverse engineering.
For Malware Analysis
- “Practical Malware Analysis” book
- Published Reports: https://github.com/kbandla/APTnotes
- “Reverse Engineering Malware” by Amanda Rousseau https://securedorg.github.io/RE101/
- Malware sample databases: https://virusshare.com/ and http://malwr.com (if the sample is shared)
For Windows (or any OS) Internals
- “Identifying Malicious Code Through Reverse Engineering” book
- “Windows Internals” by David A. Solomon. This is more of a reference than a book.
- PE Header (EXE file) tutorials
- Python for Pentesters and Hackers: this training is by the founder of securitytube.net. It is not free, but it is a cheap option ($39 for videos only).
- “Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals”
For Web Attacks
- OWASP Top 10
- “Web Application Hacker’s Handbook”
- CyberTalents web challenges are also good for practice.
Finally, although there are more jobs in other cybersecurity fields, like penetration testing, than in malware analysis, the number of professionals working as malware analysts is still lower than the number of malware analyst jobs. It is a supply-and-demand issue, where the supply is much smaller than the demand in malware analyst jobs.