The Intel Management Engine operates on Ring -3, the Most Privileged. Because it is more privileged than SMM. It has unrestricted access to the primary processor. It has complete access to entire memory.

Only when the CPU is in “System Management Mode” can the system management software run (SMM). SMM is the most critical processor state that exists.

System Management Mode deep dive: How SMM isolation hardens the platform - Microsoft Security Blog Source Microsoft

Ring -1 for BIOS/UFEI (The cpu’s firmware (BIOS, UEFI, etc.) conducts various startup activities when in real mode. Most of the times it’s also used for Hypervisors

Ring 0 is reachable to a kernel, which would be a critical component of most operating systems and has direct access to just about everything. The code operating there is indeed in kernel mode. Programs operating in kernel mode might have an impact on the entire system.

Ring 1 & 2 are reserved for device drivers such as Mouse, Keyboard, Video Card etc. The goal of rings 1 and 2 is to provide extra accessibility without letting a certain driver to collapse the entire system.

Ring 3 is used for normal non-rooted applications and user work. At this level, user-written code is also executed.

Sandboxed/Containerized Application works on this level to add one more security level and limit the access of application/User to OS.

adaada

Malware Analysis

  • Static
  • Dynamic
  • Hybrid

Types of Malwares

Trojans

A trojan is a form of malware that hides its actual substance in order to trick the consumer into believing it is a safe file.
The following are some of the most prevalent forms of Trojan viruses:
» Backdoor Trojans
» Exploit Trojans
» Rootkit Trojans
» Downloader Trojans

Ransomwares

Ransomware is a type of malware that is always developing and is meant to lock data on a machine, leaving any data and the methods that depend on them inoperable. Malicious hackers will then demand a ransom to unlock the data.

Ransomware having many families i.e. (Cerber, Sodinokibi, Babuk, Ryuk and Mailto)

Rootkits

A rootkit is a covert computer software that is meant to maintain elevated computer access but actively concealing its operation. The phrase rootkit is derived from the terms “root” and “kit.” Traditionally, a rootkit was a suite of techniques that granted administrators access to a machine or networks.

Rootkit Types

  • User-mode or application rootkit
  • Memory rootkit
  • Bootloader rootkit or Bootkit
  • Hyper-V rootkits
  • Hardware or firmware rootkit
  • Kernel rootkit

Keyloggers

Keyloggers, often known as keystrokes trackers, are software applications or physical hardware that monitor keypad activity (keys pushed). Keylogging software are a type of malware in which consumers are clueless that their activities are being recorded.

Fileless

Fileless malware is a form of malicious code that infects a machine via infiltrating normal apps. Which does not use files and leaves no trace, making it difficult to identify and delete.

Malware Analyst Professional

Perquisites

» Basic Understanding of Programming Languages (Python, .NET, C/C++)
» Basic Understanding of User mode debugging
» Basic Understanding of File formats and structures

Modules

  • Introduction to Debuggers
  • Fundamentals for Static and Dynamic Analysis
  • Basic Principles for Reverse Engineering
  • IDA Pro and Ghidra maneuvers
  • x86 and x64 assembly for reversing
  • Reversing PE files and DLL 
  • Understanding the Process injection of malware
  • Fundamentals of cryptography for malwares
  • C# and Java code obfuscation to readable code
  • Understanding File compression code with reversing
  • Methodologies to analyzed Fileless malware
  • Demonstration of complete malware reversing (Ransomware) 

Malware Analyst Expert

Perquisites

» Good Knowledge of Kernel and User Mode Debugging
» Virtualization hands-on experience
» Basic Understanding Operating System APIs (Win)
» dnSpy hands-on experience
» Malware Analyst Professional (Recommended)

Modules

  • Reversing Anti-Debugger Malwares
  • Understanding Injection/Using Windows API by malwares
  • Analysis of Shellcode/Exploit into PDF/RTF Files
  • Reversing Packed and Unpacked Malware Files
  • Reversing Fileless Malware
  • Finding the Correct Kill-Switch from malware
  • Understanding rootkits pattern from Ring 3 to Ring 0
  • Python for Malware Detection 
  • Understanding Hardware Malware (Hardware Trojans)

Get Yourself Enrolled

Are You Ready to Become Reverse Engineer ?

Enter Mobile Number with Country Code
Thank you for your message. Our sales representative team will contact you shortly
There was an error trying to send your message. Please try again later.