Malware Analysis Tutorials: a Reverse Engineering Approach


Author: Dr. Xiang Fu

Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an independent topic and can be completed separately (each one will have its own lab configuration instructions).

Malware Analysis Tutorial 1: A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)
Malware Analysis Tutorial 2: Introduction to Ring3 Debugging
Malware Analysis Tutorial 3: Int 2D Anti-Debugging
Malware Analysis Tutorial 4: Int 2D Anti-Debugging (Part II)
Malware Analysis Tutorial 5: Int 2D in Max++ (Part III)
Malware Analysis Tutorial 6: Self-Decoding and Self-Extracting Code Segment
Malware Analysis Tutorial 7: Exploring Kernel Data Structure
Malware Analysis Tutorial 8: PE Header and Export Table
Malware Analysis Tutorial 9: Encoded Export Table
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File
Malware Analysis Tutorial 13: Tracing DLL Entry Point
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key
Malware Analysis Tutorial 15: Injecting Thread into a Running Process
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack
Malware Analysis Tutorial 17: Infection of System Modules (Part I: Randomly Pick a Driver)
Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection)
Malware Analysis Tutorial 19: Anatomy of Infected Driver
Malware Analysis Tutorial 20: Kernel Debugging - Intercepting Driver Loading
Malware Analysis Tutorial 21: Hijacking Disk Driver
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver
Malware Analysis Tutorial 23: Tracing Kernel Data Using Data Breakpoints
Malware Analysis Tutorial 24: Tracing Malicious TDI Network Behaviors of Max++
Malware Analysis Tutorial 25: Deferred Procedure Call (DPC) and TCP Connection
Malware Analysis Tutorial 26: Rootkit Configuration
Malware Analysis Tutorial 27: Stealthy Loading of Malicious Driver
Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection
Malware Analysis Tutorial 29: Stealthy Library Loading II (Using Self-Modifying APC)
Malware Analysis Tutorial 30: Self-Overwriting COM Loading for Remote Loading DLL
Malware Analysis Tutorial 31: Exposing Hidden Control Flow
Malware Analysis Tutorial 32: Exploration of Botnet Client
Malware Analysis Tutorial 33: Evaluation of Automated Malware Analysis System I (Anubis)
Malware Analysis Tutorial 34: Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools

http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

dedsec_shadow
9 years ago

That's cool!
