2025-12-13, Rookie Track 2
Getting a new malware sample can feel overwhelming: there’s so much you could do, but where should you start? In this talk, I’ll share the simple workflow I use when I first encounter a fresh sample. We’ll begin with a quick sandbox run to see high-level behavior, then move into static analysis to spot strings, imports, and obfuscation tricks. I’ll finish with dynamic analysis and persistence mechanisms, showing how the pieces fit together to reveal what the malware is doing. Using a real-world example from my blog, I’ll highlight the free tools I rely on and explain why I choose them at each stage. The goal is to make malware analysis less intimidating, show that anyone can begin safely, and give you enough resources and confidence to try your own analysis.
When I started exploring malware, I often didn’t know how to begin analyzing a new sample. Over time, I built a step-by-step process that helps me stay organized and avoid feeling lost. In this talk, I’ll walk through that workflow using a real sample I’ve covered on my blog (such as REMCOS or Whitesnake).
The session starts with running the malware in a sandbox to get an overview of its activity, network calls, dropped files, and other behaviors. Next, I’ll demonstrate static analysis, showing what you can learn from strings, imports, and how to spot common obfuscation tricks. Finally, I’ll touch on dynamic debugging and persistence mechanisms, explaining how these steps help complete the picture.
Throughout, I’ll highlight free tools that anyone can access, and explain how they fit into the analysis process. This talk is designed for beginners but should still provide useful insights for anyone interested in malware research.
Malware analyst, penetration tester, aspiring exploit developer.
I also love threat intelligence.
