3-DAY TRAINING 6 – Modern Malware Analysis: Detection, Analysis and Reverse Engineering
DURATION: 3 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: CLASS CANCELLED
USD2199 (early bird)
USD2999 (normal)
Early bird registration rate ends on the 31st of May
Overview
Malware authors go to great lengths to deliver their malware, avoid detection and maintain persistence. In Modern Malware Analysis, you’ll get hands-on with real-world malware and learn how to identify key indicators of compromise, enhance security products to protect your users and gain a deeper understanding through reverse engineering. This is a fast-paced course designed to take you deep into all stages of a malware attack – from delivery methods to the final payload. Analyse malicious Office documents, dig deep into exploit kits, identify and defeat prevalent obfuscation techniques and generate valuable threat intelligence to aid in your efforts to defend your organisation or respond to an incident. By the end you will have the knowledge to perform exhaustive analysis on modern malware.
Who Should Attend
Anyone who wants to learn how to analyse malware on a deeper level. Key positions often include: malware analysts, forensic investigators, SOC analysts, threat researchers and information security professionals.
Key Learning Objectives
Detect when a malicious event has occurred
Understand different attack methods used by malicious actors, how this affects your analysis and effective ways for disrupting the attack
Perform exhaustive analysis on malicious Office documents, exploit kits, Java and .NET binaries, native code binaries (PE files) and shellcode
Learn how to use reversing tools to identify and defeat obfuscation, packing and anti-analysis techniques
Gain a deeper understanding of binary file formats and how to analyse them to learn more about malware behaviour
Leverage static and dynamic tools to develop a hybrid approach for effectively analysing malware, including assembly-level debuggers, disassemblers, decompilers and sandboxes
Identify key indicators of compromise to update security products such as an IDS/IPS
Learn how to leverage network traffic to gain a deeper understanding of malware behaviour
Learn how to extend tools to fit your analysis needs, such as writing IDA Pro plugins with Python
Generate custom threat intelligence for your organisation
Prerequisite Knowledge
None is required, but previous knowledge in assembly and programming will be helpful.
Hardware / Software Requirements
A laptop with VMware Workstation, Player, or Fusion installed. Be sure you have plenty of RAM and disk space to run the supplied VM – 2+ vCPUs, 4 GB of available RAM and 40 GB of drive space are recommended.
Agenda:
DAY 1 – Performing Malware Analysis
Performing open source intelligence gathering – strings, hashes and VirusTotal
Static and Dynamic analysis: monitoring tools, sandboxes, parsing tools and more
Understanding delivery mechanisms: Office documents, JavaScript attachments and the use of social media
Digging into Exploit Kits: Anatomy of a server compromise and the initial stages of an attack
Using Next-Gen Security Tools, like Bromium
DAY 2 – Distribution Methods and Exploit Kits
Unravelling Exploit Kit obfuscation – digging deeper into EK infrastructure and finding the exploit
Advanced malware analysis – leveraging debuggers and IDA Pro to enhance analysis
Identifying packing and other code obfuscation techniques
Using sandboxes and network traffic to enhance analysis
DAY 3 – Advanced Analysis Techniques
Malware’s use of shellcode – extracting and analysing it
Anti-Analysis techniques and how to defeat them
Malware Persistence
Analysing other file formats – looking at executables that use byte-code
Gathering Indicators of Compromise, creating custom threat intelligence, sharing and updating security products