3-DAY TRAINING 6 – Modern Malware Analysis: Detection, Analysis and Reverse Engineering

DURATION: 3 DAYS

CAPACITY: 20 pax

SEATS AVAILABLE: CLASS CANCELLED


USD2199 (early bird)

USD2999 (normal)

Early bird registration rate ends on the 31st of May


Overview

Malware authors go to great lengths to deliver their malware, avoid detection and maintain persistence. In Modern Malware Analysis, you’ll get hands-on with real-world malware and learn how to identify key indicators of compromise, enhance security products to protect your users and gain a deeper understanding through reverse engineering. This is a fast-paced course designed to take you deep into all stages of a malware attack – from delivery methods to the final payload! Analyze malicious office documents, dig deep into exploit kits, identify and defeat prevalent obfuscation techniques and generate valuable threat intelligence to aid in your efforts to defend your organisation or respond to an incident. By the end you will have the knowledge to perform exhaustive analysis on modern malware.

Who Should Attend

Anyone who wants to learn how to analyse malware on a deeper level. Key positions often include: malware analysts, forensic investigators, SOC analysts, threat researchers and information security professionals.

Key Learning Objectives

  • Detect when a malicious event has occurred
  • Understand the different attack methods used by malicious actors, how they affect your analysis, and effective ways to disrupt the attack
  • Perform exhaustive analysis on malicious office documents, exploit kits, Java and .NET binaries, native code binaries (PE files) and shellcode
  • Learn how to use reversing tools to identify and defeat obfuscation, packing and anti-analysis techniques
  • Gain a deeper understanding of binary file formats and how to analyse them to learn more about malware behaviour
  • Leverage static and dynamic tools to develop a hybrid approach for effectively analysing malware, including assembly-level debuggers, disassemblers, decompilers and sandboxes
  • Identify key indicators of compromise to update security products such as an IDS/IPS
  • Learn how to leverage network traffic to gain a deeper understanding of malware behaviour
  • Learn how to extend tools to fit your analysis needs, such as writing IDA Pro plugins with Python
  • Generate custom threat intelligence for your organisation

Prerequisite Knowledge

None is required, but previous knowledge in assembly and programming will be helpful.

Hardware / Software Requirements

A laptop with VMware Workstation, Player, or Fusion installed. Be sure you have plenty of RAM and disk space to run the supplied VM – 2+ vCPUs, 4 GB of available RAM and 40 GB of drive space are recommended.

Agenda:

DAY 1 – Performing Malware Analysis

  • Performing open source intelligence gathering – strings, hashes and VirusTotal
  • Static and Dynamic analysis: monitoring tools, sandboxes, parsing tools and more
  • Understanding delivery mechanisms: Office documents, JavaScript attachments and the use of social media
  • Digging into Exploit Kits: Anatomy of a server compromise and the initial stages of an attack
  • Using Next-Gen Security Tools, like Bromium

DAY 2 – Distribution Methods and Exploit Kits

  • Unravelling Exploit Kit obfuscation – digging deeper into EK infrastructure and finding the exploit
  • Advanced malware analysis – leveraging debuggers and IDA Pro to enhance analysis
  • Identifying packing and other code obfuscation techniques
  • Using sandboxes and network traffic to enhance analysis

DAY 3 – Advanced Analysis Techniques

  • Malware use of Shellcode – extracting and analysing
  • Anti-Analysis techniques and how to defeat them
  • Malware Persistence
  • Analysing other file formats – looking at executables that use bytecode
  • Gathering Indicators of Compromise, creating custom threat intelligence, sharing and updating security products

TRAINING
Location: TRAINING ROOMS
Date: August 26, 2019
Time: 9:00 am - 6:00 pm
Josh Stroschein