{"id":14981,"date":"2024-02-22T02:58:23","date_gmt":"2024-02-22T02:58:23","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/"},"modified":"2024-02-29T03:22:59","modified_gmt":"2024-02-29T03:22:59","slug":"workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/","title":{"rendered":"A Crash Course on Hunting Malware from the Dark Corners of Memory"},"content":{"rendered":"

ATTEND IN-PERSON<\/span>: <\/strong>Onsite at Abu Dhabi<\/strong><\/h4>\n

DATE: 28 November 2024<\/strong><\/h4>\n

TIME: 09:00 to 17:00 GST\/GMT+4<\/strong><\/h4>\n
\n
\n
\n
\n
The number of cyber attacks is undoubtedly on the rise targeting government, military, public, and private sectors. Most of these cyber attacks use malicious programs (malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use various techniques to execute their malicious code and to remain undetected from the security products. With adversaries getting sophisticated and carrying out advanced malware attacks, it is critical for cybersecurity professionals to detect, hunt and respond to such attacks.<\/h5>\n
\n

Memory forensics is a powerful investigation\/threat-hunting technique used in digital forensics and incident response. It has become a must-have skill for fighting advanced malware, targeted attacks, and security breaches. This training focuses on hunting malware using memory forensics, it introduces you to the topic of Windows internals and techniques to perform malware and Rootkit investigations. The training covers analysis and investigation of various malware infected memory images(crimewares, APT malwares, Rootkits, etc.) and contains scenario-based hands-on labs to gain a better understanding of the subject.The training provides practical guidance and attendees should walk away with the following skills:<\/p>\n

– Ability to acquire a memory image from suspect\/infected systems
\n– How to use open source advanced memory forensics framework (Volatility)
\n– Understanding of the techniques used by the malwares to hide from Live forensic tools
\n– Understanding of the techniques used by Rootkits(code injection, hooking, etc.)
\n– Investigative steps for detecting stealth and advanced malware
\n– How memory forensics helps in malware analysis and reverse engineering
\n– How to incorporate malware analysis and memory forensics in the sandbox<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

<\/div>\n
\n
Topics Covered<\/strong><\/h5>\n

Introduction to Memory Forensics<\/strong>
\n– What is Memory Forensics
\n– Why Memory Forensics
\n– Steps in Memory Forensics
\n– Memory acquisition and tools
\n– Acquiring memory From physical machine
\n– Acquiring memory from virtual machine
\n– The hands-on exercise involves acquiring the memory<\/p>\n

 <\/p>\n

Volatility Overview<\/strong>
\n– Introduction to Volatility Advanced Memory Forensics Framework
\n– Volatility Installation
\n– Volatility basic commands
\n– Determining the profile
\n– Volatility help options
\n– Running the plugin<\/p>\n

 <\/p>\n

Investigating Process<\/strong>
\n– Understanding Process Internals
\n– Process(EPROCESS) Structure
\n– Process organization
\n– Process Enumeration by walking the double linked list
\n– process relationship (parent-child relationship)
\n– Understanding DKOM attacks
\n– Process Enumeration using pool tag scanning
\n– Volatility plugins to enumerate processes
\n– Identifying malware process
\n– Hands-on lab exercise(scenario-based) involves investigating malware infected memory<\/p>\n

 <\/p>\n

Investigating Process handles & Registry<\/strong>
\n– Objects and handles overview
\n– Enumerating process handles using Volatility
\n– Understanding Mutex
\n– Detecting malware presence using the mutex
\n– Understanding the Registry
\n– Investigating common registry keys using Volatility
\n– Detecting malware persistence
\n– Hands-on lab exercise(scenario-based) involves investigating malware infected memory<\/p>\n

 <\/p>\n

Investigating Network Activities<\/strong>
\n– Understanding malware network activities
\n– Volatility Network Plugins
\n– Investigating Network connections
\n– Investigating Sockets
\n– Hands-on lab exercise(scenario-based) involves investigating malware infected memory<\/p>\n

Investigation Process Memory<\/strong>
\n– Process memory Internals
\n– Listing DLLs using Volatility
\n– Identifying hidden DLLs
\n– Dumping malicious executable from memory
\n– Dumping Dll’s from memory
\n– Scanning the memory for patterns(yarascan)
\n– Hands-on lab exercise(scenario-based) involves investigating malware infected memory<\/p>\n

Investigating User Mode Rootkits & Fileless Malwares<\/strong>
\n– Code Injection
\n– Types of Code injection
\n– Remote DLL injection
\n– Remote Code injection
\n– Reflective DLL injection
\n– Hollow process injection
\n– Demo – Case Study
\n– Hands-on lab exercise(scenario based) involves investigating malware infected memory<\/p>\n

 <\/p>\n

Investigating Kernel-Mode Rootkits<\/strong><\/p>\n

– Understanding Rootkits
\n– Understanding Functional call traversal in Windows
\n– Level of Hooking\/Modification on Windows
\n– Kernel Volatility plugins
\n– Hands-on lab exercise(scenario-based) involves investigating malware infected memory
\n– Demo – Rootkit Investigation<\/p>\n

Memory Forensic Case Studies<\/strong>
\n– Demo
\n– Hunting an APT malware from Memory<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 28 November 2024 TIME: 09:00 to 17:00 GST\/GMT+4 The number of cyber attacks is undoubtedly on the rise targeting government, military, public, and private sectors. Most of these cyber attacks use malicious programs (malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use […]<\/p>\n","protected":false},"featured_media":14980,"template":"","meta":{"_acf_changed":false},"product_cat":[89,90,57,91,94,87],"product_tag":[],"class_list":{"0":"post-14981","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-1-day-workshop","7":"product_cat-auh2024","8":"product_cat-in-person","9":"product_cat-workshop-2","10":"product_cat-28-nov-workshop-auh2024","11":"product_cat-auh2024-workshop","13":"first","14":"outofstock","15":"featured","16":"shipping-taxable","17":"purchasable","18":"product-type-simple"},"acf":[],"yoast_head":"\nA Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 28 November 2024 TIME: 09:00 to 17:00 GST\/GMT+4 The number of cyber attacks is undoubtedly on the rise targeting government, military, public, and private sectors. Most of these cyber attacks use malicious programs (malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-29T03:22:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/\",\"name\":\"A Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg\",\"datePublished\":\"2024-02-22T02:58:23+00:00\",\"dateModified\":\"2024-02-29T03:22:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg\",\"width\":1200,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Crash Course on Hunting Malware from the Dark Corners of Memory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\",\"name\":\"HITBSecConf2024 - Abu Dhabi\",\"description\":\"Nov 25 - 28, Abu Dhabi, UAE\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/","og_locale":"en_US","og_type":"article","og_title":"A Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi","og_description":"ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 28 November 2024 TIME: 09:00 to 17:00 GST\/GMT+4 The number of cyber attacks is undoubtedly on the rise targeting government, military, public, and private sectors. Most of these cyber attacks use malicious programs (malware) for financial theft, espionage, intellectual property theft, and political motives. These malware programs use […]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/","og_site_name":"HITBSecConf2024 - Abu Dhabi","article_modified_time":"2024-02-29T03:22:59+00:00","og_image":[{"width":1200,"height":900,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/","name":"A Crash Course on Hunting Malware from the Dark Corners of Memory - HITBSecConf2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg","datePublished":"2024-02-22T02:58:23+00:00","dateModified":"2024-02-29T03:22:59+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg","contentUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Monappa-Training.jpg","width":1200,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/workshop-a-crash-course-on-hunting-malware-from-the-dark-corners-of-memory-auh2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/"},{"@type":"ListItem","position":2,"name":"Shop","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/shop\/"},{"@type":"ListItem","position":3,"name":"A Crash Course on Hunting Malware from the Dark Corners of Memory"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/","name":"HITBSecConf2024 - Abu Dhabi","description":"Nov 25 - 28, Abu Dhabi, UAE","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product\/14981"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/media\/14980"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/media?parent=14981"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product_cat?post=14981"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product_tag?post=14981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}