PMAT-labs: Labs for Practical Malware Analysis & Triage

labs for Practical Malware Analysis

PMAT-labs – The labs for Practical Malware Analysis & Triage

This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate common malware characteristics or are live, real-world, “caught in the wild” samples. Both categories are dangerous. These samples are to be handled with extreme caution at all times.

  • Do not download these samples to a computer you do not own.
  • Do not execute any of these samples on a computer you do not own.
  • Do not download and/or execute these samples in an environment that you cannot revert to a saved state, i.e. a virtual machine.
  • Practice safe malware handling procedures at all times when using these samples.

By downloading the contents of this repository, regardless of if you have purchased the course or not, you are agreeing to the End User License Agreement. Please refer to EULA.md for more information.

Topics

Each section is broken down by topic:

0. Malware Handling and Safety

This section covers basic malware handling and safety, including defanging malware and safe practices for transfer and storage.

1. Basic Static | Basic Dynamic

This section covers initial triage, static analysis, initial detonation, and the primary methodology of basic analysis.

2. Advanced Static | Advanced Dynamic

This section covers advanced malware analysis methodology and introduces Assembly, debugging, decompiling, and inspecting the Windows API at the ASM level.

3. Specialty Class Malware

This section covers different specialty classes of malware like maldocs, C# assemblies, and script-based malware. It also includes a section on mobile platform malware analysis.

4. Bossfights!

The Bossfights pit you against infamous real-world samples of malware and require you to do a full analysis.

5. Automation | Rule Writing | Report Writing

This section covers effective report writing, Yara rule writing, and automating the initial stages of triage with Blue-Jupyter.

6. Course Conclusion: Course Final | References | Resources | Further Readings

The course final consists of a capstone in which you will combine all relevant skills in this course to write and publish open-source information about a given sample from the course.

The course conclusion includes further readings, references, and helpful resources for further learning.

Please note: some samples are used multiple times in different sections. Check to make sure which sample the course videos are referencing and that you have the correct one for a given video.

Download