Here takes Windows virus analyst as an example to explain the career development route and professional ability of virus analyst. Some modules in the picture are divided into red and yellow,Among them, red represents the most important, and yellow represents relatively important.
Virus analysis engineers are high-end cyber security talents who cannot be replaced by artificial intelligence in the future and have a very large gap. In the future, they will become essential security talents for many large companies. Compared with penetration testers and vulnerability analysts, virus analysis engineers are more inclined to reverse analysis of Windows local executable files.
1. What kind of work can virus analysis engineers do?
Answer: Virus analysis engineers can learn more in-depth anti-debugging, anti-virtualization, memory protection and confrontation, and transform them into professionalWindows reverse engineer, To become a major game companyAnti-plugin engineer. You can learn proper penetration testing knowledge and develop strong decryption skills, which can becomeAPT(Advanced Sustainability Threat) Cyber Forces. You can learn the types of vulnerabilities, be proficient in debugging methods of various platforms, shellcode execution methods, and becomeVulnerability security researchpersonnel.
2. What is the job content of a virus analysis engineer?
Answer: From the degree of ease and difficulty, it can be divided into the following tasks:
1. Rule extraction and sample management, sample collection and testing
2. General script type virus analysis, report writing
3. Reverse analysis of complex viruses written in C++ , And can decrypt simple ransomware, repair some infected files. It can play a supporting role in the design of the engine and the program in the project.
4. Familiar with winodws network communication protocol and underlying kernel driver principles, able to debug driver-level Rootkit; able to grasp and analyze protocol packets and traffic proficiently, and have a deeper understanding of network communication programming. (This refers to the horizontal expansion of capabilities. It can analyze Rootkits that rarely appear and some viruses that rely on communication but cannot be reproduced.)
Fifth, it has strong algorithm reverse capabilities and skilled debugging capabilities. It can quickly decrypt decompression algorithms, codec methods, common symmetric encryption and decryption algorithms, reverse algorithms and restore crack algorithms implemented in various languages.
6. Be able to grasp the style of the code, be familiar with the APT attack methods and potential connections of large hacker organizations, and have strong traceability capabilities.
3. What are the capabilities of a senior virus analysis engineer?
Answer: A virus analysis engineer who has been in the business for many years should be able to deal with APT attacks quickly. Not only must have a strong ability to sense virus attack trends, but also grasp the latest threat intelligence information. For APT attack events, it can quickly locate the family and source, analyze the attack process (provide suggestions for defense strategies), trace the source of the attacker,The sooner the better, the more thorough and detailed the better, The stronger the ability. If the attacker implants a backdoor, infects files, or performs strong encryption and decryption, he should write corresponding programs as soon as possible to repair the computer and restore it to a normal state. It can be seen that a senior virus analysis engineer needs a long time to accumulate anti-virus experience. It is not like a pure programming language ability development technology, which will be eliminated by new compilers and new language grammars over time. A virus analysis engineer is a detective in the computer world. According to the execution rules of the computer, follow up the program from the assembly language level, identify the behavior and operation of the software implemented in various languages, and complete the identification and detection of advanced viruses from the deepest memory card. . Does the virus analysis engineer have strong reverse engineering capabilities? No, the author thinks that if the reverse engineering is divided into 5 levels, then the virus analysis engineer’s reverse engineering ability is only 3 level, those who engage in software patches and game protection have reverse engineering ability at level 4, and CTF’s reverse engineering ability is at level 5. .
4. Why are there so few jobs for virus analysis engineers?
Answer: The era of national network security has arrived. All companies that rely on network services should have their own personnel who respond to viruses and vulnerabilities and observe the latest developments in threat intelligence, so that they can prevent and resolve network attacks as quickly as possible. Virus analysis engineer should not be a niche profession, because advanced and complex viruses can never be done by one person alone, because he may be faced with the attack tools of the entire hacker team or even the attack team with national background. Security practitioners should work together to effectively defend against attacks by senior hacker teams and ensure the prosperity and stability of the enterprise and the country.
5. How to become a virus analysis engineer?
Answer: Those who are interested are welcome to join my learning exchange QQ group 366469549. muah.