
Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

TECH TRAINING 4 - Practical Malcode Threat Analysis

Title: Practical Malcode Threat Analysis
Trainer: Dr. Jose Nazario (Senior Security Engineer, Arbor Networks)
Capacity: 20 pax
Duration: 2 days
Cost: (per pax) MYR2899 (early bird) / MYR3299 (non early-bird)


As the pace of challenges facing every network - and the people who have to defend them - grows, the need for more comprehensive information grows with it. When you can’t wait for AV firms and IPS vendors to provide a remedy on your timescale, you need to take matters into your own hands: “I need to protect the network, but I don’t have a lot of time or resources.”

This course is designed for information security professionals and enthusiasts who are tasked with protecting networks and businesses from a broad range of threats. This course will also suit people who are interested in learning more about the current Internet threat landscape. Students will learn how to identify new threats to their own networks and the internet at large, and how to protect against them.

Rather than focusing on reverse engineering and malcode dissection, we will instead focus on a simple approach that many people can use to quickly gather specific, usable information about threats. This course is not designed to be tool specific but rather it discusses a broad approach and multiple techniques that can be used quickly to assess new threats and determine how to respond to them. This class focuses on open, freely available tools to facilitate analysis. No programming or networking experience is required, but some operational experience is expected in order to get the most out of the training.

At the end of the two-day session, you should be able to:

* Detect new malware and quickly gather information about it
* Identify malicious websites and discover their attack vectors
* Identify and react to phishing attacks
* Analyze vulnerability reports and translate them into a defensive posture
* Analyze exploit code to determine how to defend against it
* Build a knowledge repository for yourself and your team

Whom this training is for

* Network security staff
* System administrators
* People interested in learning about malcode and threats


Prerequisites

* Decent knowledge of TCP/IP
* Decent knowledge of Windows systems and major APIs
* Participants should bring their own laptop
* The choice of operating system is up to the participant (either Windows XP or Linux)

Day 1

i.) New malware analysis and response
ii.) WHOIS and DNS investigations
iii.) Malicious and exploit websites
iv.) Phishing attacks

Day 2

i.) Analyzing software vulnerability reports
ii.) Analyzing exploit code
iii.) Detecting scans and probes
iv.) Information management

About the trainer:

Dr. Jose Nazario is a Senior Security Engineer within Arbor Networks’ Arbor Security Engineering & Response Team (ASERT). Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet-scale events such as DDoS attacks, botnets and worms, source code analysis tools, and data mining. He is the author of the books “Defense and Detection Strategies against Internet Worms” and “Secure Architectures with OpenBSD.” He earned a Ph.D. in biochemistry from Case Western Reserve University in 2002. Prior to joining Arbor Networks, he was an independent security consultant. Dr. Nazario regularly speaks at conferences worldwide, with past presentations at CanSecWest, PacSec, Blackhat, and NANOG. He also maintains WormBlog.com, a site devoted to studying worm detection and defense research.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
