Early bird registration rate ends on the 31st of January
Malware authors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion and maintain persistence to compromise an organization. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. In Modern Malware Analysis Advanced Edition, you will get hands-on with real-world malware and learn how to identify key indicators of compromise/indicators of attack, apply analysis to enhance security products that protect your users and infrastructure, and gain a deeper understanding of malware behavior through reverse engineering. Open-source and limited-use tools such as Ghidra, IDA Pro Free/Demo, Oledump/OleVBA, PE Studio and Suricata will be used to perform deep technical analysis of malware at each phase of an attack, focusing on developing effective strategies to maximize your time spent. By the end of this course you will be able to analyze malicious Office documents, dig deep into native and interpreted code through disassembly and decompilation, identify and defeat prevalent obfuscation techniques and generate valuable threat intelligence to aid in your efforts to defend your organization or respond to an incident.
This is a fast-paced course designed to take you deep into all stages of malware operations, from delivery methods to the post-infection payloads! Each day will end with comprehensive analysis activities and exercises to test and reaffirm key learning objectives. This course is designed to be not simply 4 days of lecture, but an immersive and interactive learning experience. This is an ideal course for security analysts, malware analysts/researchers and blue teams that need to get hands-on diving deep into malicious software.
DAY 1 – Analyzing Delivery Mechanisms
– Basic analysis and leveraging open-source intelligence: strings, hashes and threat intelligence sharing platforms such as VirusTotal and AlienVault OTX
– Understanding delivery mechanisms: Office documents, JavaScript attachments and other means of bypassing the perimeter
– Leveraging network traffic to enhance analysis
– A brief look at exploit kits and techniques for unraveling
– Analyzing compromised infrastructure through a server compromise
DAY 2 – Unraveling Malware Payloads
– Performing analysis on native code binaries through reverse engineering
– Understanding binary file formats and key operating system internals
– Determining signs of packing and other native code obfuscation techniques
– Identifying and defeating malware packing
– Detecting malware persistence techniques
– Leveraging network traffic analysis to identify malware families
DAY 3 – Advanced Analysis Techniques
– Identifying and tracing malware use of shellcode
– Analyzing Windows-based shellcode, along with common obfuscation techniques
– Defeating string and API obfuscation techniques in native and interpreted code
– Extending reversing tools through plugins
– Identifying lateral movement
– Extracting malware configuration information
– Automating IOC extraction from malware samples
DAY 4 – Performing Post-Infection Analysis
– Reverse engineering modular payloads
– Identifying evidence of data exfiltration
– Recognizing patterns of command and control communications
– Reversing other file formats such as .NET and Java binaries
– Analyzing malware on other platforms – Mac OS X and Android
The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, some familiarity with the following topics will help students maximize their time in this course:
To help prepare for this course, it is recommended that students be familiar with information from the following sources:
A brief overview of malicious office documents
– Hack-in-the-Box CommSec Track 2018: https://youtu.be/Ii0ENuigBSM
Assembly and Intel's 32/64-bit architecture
– Specifically concepts from chapters 1 – 5: https://pacman128.github.io/pcasm/
Getting started with reverse engineering
– YouTube playlist: https://www.youtube.com/playlist?list=PLHJns8WZXCdvaD7-xR7e5FJNW_6H9w-wC