Malware Analysis Workshop

Catalog number: #7549 | Course length: 40 academic hours | Number of sessions: 5

Malicious software, or malware, plays a part in most computer intrusion and security incidents. Any software that does something that causes harm to a user, computer, or network can be considered malware, including viruses, trojan horses, worms, rootkits, scareware, and spyware. While the various malware incarnations do all sorts of different things, as malware analysts, we have a core set of tools and techniques at our disposal for analyzing malware.

Malware analysis is the art of dissecting malware to understand how it works, how to identify it, and how to defeat or eliminate it. And you don’t need to be an uber-hacker to perform malware analysis.

The course is available to organizational groups only; inquiries can be submitted only on behalf of a group.

Objectives

  • Describe types of malware, including rootkits, Trojans, and viruses
  • Perform basic static analysis with Sysinternals
  • Perform basic dynamic analysis with a debugger
  • Perform advanced static analysis with IDA Pro
  • Explain malware behavior, including launching, encoding, and network signatures
  • Recognize common packers and how to unpack them

Target audience

  • Researchers, defense and law enforcement authorities
  • System, media, and information security personnel

Prerequisites

  • Practical experience in a command line environment, especially with Linux
  • Knowledge of communication protocols (TCP/IP)
  • Background and experience in writing code

Topics

PE File

  • Headers
  • Sections
  • Imports / Exports
  • Resources
  • CFF Explorer

WinAPI

  • Concept
  • Common DLLs
  • Kernel Objects
  • ANSI and Unicode
  • Suspicious APIs and their uses


Extra Static Analysis

  • Packers
    • Obfuscators
    • VMs
    • Crypters
  • RDG Packer Detector
  • Entropy


Basic Dynamic Analysis

  • Sysinternals
  • API Monitor
  • Wireshark
  • ApateDNS
  • INetSim
  • Netcat
  • Sandboxes


C++

  • Types
  • Functions
  • Pointers
  • Conditions and loops
  • * and &
  • Debugging in Visual Studio


Assembly Crash Course

  • Architecture (x86)
  • Memory Management
  • Registers
  • Instructions
  • Opcodes


RE Methodology

  • What is RE?
  • Approaching RE
  • Decompilers


Debugging Methodology

  • What is debugging?
  • Approaching debugging
  • Debugger overview


IDA

  • Overview
  • Cheatsheet
  • FLIRT signatures


Malicious Techniques

  • Hooking
  • Code Injection
  • Anti-VM / Anti-Debug
  • Obfuscation
  • Persistence
  • Dynamic function resolving (using APIs and using PEB)
  • Encryption