GREM - Tips
06-11-2017, 01:05 AM
Post: #1
GREM - Tips
Hello,

I've been self-studying for the GREM for the last couple of months. I've been through Practical Malware Analysis, Malware Analyst's Cookbook, the IDA Pro book, and the Art of Memory Forensics. Does anyone know where I might be able to find a list or cheat sheet containing some of the most common Windows APIs or system calls that are most commonly used in malware? For example, how does PEStudio know which ones to consider blacklisted or known indicators? Also, if you have any tips for self-study, please let me know! I was hoping to attend FOR610 as work-study, but unfortunately I wasn't selected.

Thanks everyone!
06-18-2017, 02:39 PM
Post: #2
RE: GREM - Tips
There was a thread that you should be able to find on this list's archive titled "Malware-related API calls' list index".

06-18-2017, 02:41 PM
Post: #3
RE: GREM - Tips
To be honest, if you reverse the thought process and think about what functionalities a malware author would want to achieve (e.g. persistence, file manipulation, network comms) then it wouldn't be difficult to identify the API calls that you should know.

For example:

http://resources.infosecinstitute.com/wi...rt-1/#gref
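The approach in post #3 (start from the capability a malware author wants, then derive the APIs) can be turned into a small triage script, which also answers the question in post #1 about how tools like PEStudio flag "interesting" imports: they match import names against capability groups. The following is an added example written for this thread, not code from PEStudio or from any poster. The capability table and the combination rules are the example's own assumptions (a starting point to extend, not an exhaustive or official list), and the import list is a constructed sample standing in for what `pefile` or PEStudio would print for a real binary.

```python
"""Capability-oriented triage of a PE's imported API names.

Rather than memorising a flat blacklist, group Windows APIs by the capability
they give an author (persistence, file manipulation, network comms, ...) and
report which capabilities a sample's import table suggests.  Presence of a
single API proves nothing (every notepad imports CreateFile); the useful signal
is the combination of capabilities, so combination rules are evaluated too.
"""
import re
from collections import defaultdict

# Capability -> APIs that commonly implement it.  ASSUMPTION of this example:
# a starting table, deliberately small; extend it from your own notes.
CAPABILITIES = {
    "persistence": {"RegSetValueEx", "RegCreateKeyEx", "CreateService", "StartService"},
    "file manipulation": {"CreateFile", "WriteFile", "DeleteFile", "MoveFile",
                          "CopyFile", "FindFirstFile", "FindNextFile"},
    "network comms": {"InternetOpen", "InternetOpenUrl", "InternetReadFile",
                      "URLDownloadToFile", "HttpSendRequest", "WSAStartup",
                      "socket", "connect", "send", "recv"},
    "process injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread", "NtCreateThreadEx"},
    "anti-analysis": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                      "NtQueryInformationProcess", "GetTickCount"},
    "dynamic API resolution": {"LoadLibrary", "GetProcAddress"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
}

# Patterns that only mean something as a set: every listed API must be present.
COMBINATION_RULES = {
    "classic remote-thread injection": {"OpenProcess", "VirtualAllocEx",
                                        "WriteProcessMemory", "CreateRemoteThread"},
    "download-and-execute": {"URLDownloadToFile", "ShellExecute"},
}


def normalize(name: str) -> str:
    """Fold ANSI/Unicode variants and Zw/Nt aliases onto one canonical name.

    CreateFileW -> CreateFile, RegSetValueExA -> RegSetValueEx,
    ZwOpenProcess -> NtOpenProcess.  The A/W strip only fires when the
    preceding character is lowercase, so names such as WSAStartup survive.
    """
    if name.startswith("Zw"):
        name = "Nt" + name[2:]
    if len(name) > 2 and name[-1] in "AW" and name[-2].islower():
        name = name[:-1]
    return name


def triage(imports):
    """Map a list of raw import names to capabilities and combination patterns."""
    canon = {normalize(n) for n in imports}
    found = defaultdict(set)
    for capability, apis in CAPABILITIES.items():
        hits = canon & apis
        if hits:
            found[capability] = hits
    patterns = [p for p, needed in COMBINATION_RULES.items() if needed <= canon]
    known = set().union(*CAPABILITIES.values())
    return {
        "capabilities": dict(found),
        "patterns": patterns,
        # LoadLibrary + GetProcAddress means the static import table is likely
        # incomplete: the real API set is resolved at run time, so treat the
        # rest of this report as a lower bound and move on to dynamic analysis.
        "dynamic_resolution": "dynamic API resolution" in found,
        "unclassified": sorted(canon - known),
    }


# Constructed sample import list (not from any real binary), roughly what
# pefile or PEStudio would list for a small dropper.
SAMPLE_IMPORTS = [
    "CreateFileW", "WriteFile", "RegSetValueExW", "RegCreateKeyExW",
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "LoadLibraryA", "GetProcAddress", "IsDebuggerPresent",
    "ZwQueryInformationProcess", "InternetOpenW", "InternetOpenUrlW",
    "InternetReadFile", "GetModuleHandleW", "ExitProcess",
]


if __name__ == "__main__":
    report = triage(SAMPLE_IMPORTS)
    for capability, apis in sorted(report["capabilities"].items()):
        print(f"[{capability}] " + ", ".join(sorted(apis)))
    for pattern in report["patterns"]:
        print(f"[pattern] {pattern}")
    if report["dynamic_resolution"]:
        print("[note] imports resolved at run time; static list is incomplete")
    print("[unclassified] " + ", ".join(report["unclassified"]))
```

To use it on a real sample, replace `SAMPLE_IMPORTS` with the names pulled from the import directory (for instance by iterating `pe.DIRECTORY_ENTRY_IMPORT` in `pefile`). The normalisation step matters more than it looks: without it, `RegSetValueExA` and `RegSetValueExW` are two unrelated strings and the table has to list every variant twice.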