Practical Malware Research Professional

Practical Malware Research Professional (PMRP) by TCM Security.


Certification Link/Proof


Introduction

The PMRP certifies that the holder can analyze malware samples, extract indicators of compromise (IoCs), write YARA rules to detect them, and tie it all together in a professional report. PMRP holders demonstrate that they can analyze multiple samples in a restricted time frame.

Corporatese translation: We need to understand what this malware does and how we can detect it on our systems.


Why I Took It

I pursued this certification after transferring to the blue team and wanted to make the maximum impact. These skills were lacking on the team, and I knew that I could provide them to help support it.


Now, Why I Actually Took It

I hope to transition into cyber security research and thought this would be an excellent starting point for a reverse-engineering-heavy career path. Plus, I have a tendency to gravitate towards difficult topics. After hearing other people talk about its difficulty, I was hooked and knew that I had to take it. Finally, I like classes with a hands-on, practical component. The challenge itself is part of the appeal.


Skills Gained

The first thing we had to learn was to set up a lab so we could work with malware in a safe, isolated environment, with the tools in place to track what a sample does from both a host and a network perspective. Once set up, we perform basic static analysis: strings and import/library analysis, looking for interesting artifacts such as URLs, registry paths and suspicious API names. Next comes basic dynamic analysis, which means detonating the sample while monitoring the host and the network; the detonation output confirms (or corrects) what the static pass suggested. From there we move to advanced static and dynamic analysis, using a disassembler and a debugger to get a deeper, assembly-level view of what the malware is doing. From the analysis output we develop YARA rules to find the files on disk. Finally, we learned to write professional reports that bring everything together.
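As an added example (not course material and not this write-up's own code), the basic-static-analysis to YARA step of that workflow in Python: pull ASCII and UTF-16LE strings the way strings/FLOSS would, triage them into the IoC buckets a report lists, render a rule, and sanity-check that every rule string really occurs in the sample in the encoding the rule claims. The sample bytes, the URL, the registry path and the API list are constructed for the demo and are not real IoCs; it generalizes the single-sample case in the text to any byte blob.

```python
# Added example (not from the PMRP course or TCM): basic static analysis ->
# IoC triage -> YARA rule. SAMPLE is a constructed stand-in for a PE file,
# not a real malware sample; every indicator in it is hypothetical.
import re

MIN_LEN = 6

# Constructed sample: ASCII imports, a UTF-16LE C2 URL and a Run-key path
# embedded in filler bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"KERNEL32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00WriteProcessMemory\x00"
    + b"\xff" * 16
    + "http://update.example.invalid/gate.php".encode("utf-16le") + b"\x00\x00"
    + b"\x01\x02\x03"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x90" * 8
)

SUSPICIOUS_APIS = {  # classic process-injection trio plus a few common extras
    "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
    "NtUnmapViewOfSection", "SetWindowsHookExA", "URLDownloadToFileA",
}
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RUN_KEY_RE = re.compile(r"CurrentVersion\\Run\b", re.IGNORECASE)


def extract_strings(data, min_len=MIN_LEN):
    """Return (text, encoding) pairs for ASCII and UTF-16LE strings in file order."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), m.group().decode("ascii"), "ascii") for m in ascii_re.finditer(data)]
    hits += [(m.start(), m.group().decode("utf-16le"), "wide") for m in wide_re.finditer(data)]
    hits.sort()
    return [(text, enc) for _, text, enc in hits]


def classify(strings):
    """Bucket strings into the IoC categories a report would list."""
    iocs = {"net": [], "persist": [], "api": []}
    for text, enc in strings:
        if URL_RE.search(text) or IPV4_RE.search(text):
            iocs["net"].append((text, enc))
        elif RUN_KEY_RE.search(text):
            iocs["persist"].append((text, enc))
        elif text in SUSPICIOUS_APIS:
            iocs["api"].append((text, enc))
    return iocs


def _yara_escape(text):
    """YARA text strings need backslashes and double quotes escaped."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def yara_rule(name, iocs):
    """Render a YARA rule from classified IoCs. Empty buckets stay out of the
    condition, because `any of ($x*)` with no matching strings fails to compile."""
    lines = [f"rule {name}", "{", "    meta:",
             '        description = "Generated from basic static analysis"',
             "    strings:"]
    for bucket, items in iocs.items():
        for i, (text, enc) in enumerate(items):
            lines.append(f'        ${bucket}{i} = "{_yara_escape(text)}" {enc}')
    clauses = ["uint16(0) == 0x5A4D"]  # MZ header
    if iocs["api"]:
        clauses.append("all of ($api*)")  # injection APIs must appear together
    for bucket in ("net", "persist"):
        if iocs[bucket]:
            clauses.append(f"any of (${bucket}*)")
    lines += ["    condition:", "        " + " and ".join(clauses), "}"]
    return "\n".join(lines)


def rule_would_match(data, iocs):
    """Sanity check without a YARA engine: MZ header present and every rule
    string occurs in the sample in its recorded encoding (catches a missing
    `wide` modifier, the usual reason a freshly written rule never fires)."""
    if data[:2] != b"MZ":
        return False
    for items in iocs.values():
        for text, enc in items:
            raw = text.encode("ascii") if enc == "ascii" else text.encode("utf-16le")
            if raw not in data:
                return False
    return True


if __name__ == "__main__":
    found = extract_strings(SAMPLE)
    iocs = classify(found)
    print(yara_rule("PMRP_demo_injector", iocs))
    print("self-check:", rule_would_match(SAMPLE, iocs))
```

The encoding tag matters: the C2 URL only exists in the sample as UTF-16LE, so the emitted string carries `wide`; written as a plain ASCII string the rule would compile cleanly and never match, which is exactly what the self-check is there to catch before the rule goes in a report.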


Tools & Technologies Used

  • FLARE VM.
  • REMnux.
  • Cutter.
  • x32dbg.
  • Procmon.
  • TCPView.
  • Regshot.
  • FLOSS.
  • PEStudio.
  • INetSim.
  • Wireshark.



Tips & Lessons Learned

  • Maintain lab hygiene: snapshot the VM before each detonation and revert afterward; keep notes and rules in version control.
  • Build a solid workflow: standardize the process so every sample gets the same treatment.
  • Document as you go: it saves massive time when writing the report.
  • Be thorough: read through large outputs (strings, Procmon, pcaps) for the few important pieces.


Outcome/Status