Date | Day | Time | Duration |
26 Aug | Monday | 0900-17:00 ICT/GMT+7 | 8 Hours |
27 Aug | Tuesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
28 Aug | Wednesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics and incident response. Adversaries are becoming more sophisticated and carrying out advanced malware attacks on critical infrastructures, Data Centers, private and public organizations. This makes detecting, responding and investigating such intrusions increasingly critical for information security professionals. Malware analysis and memory forensics have become a must-have skill for fighting advanced malwares, targeted attacks and security breaches.
This course will introduce attendees to basics of malware analysis,reverse engineering, Windows internals and memory forensics. It will then gradually progress deeper into more advanced concepts of memory forensics.
This course uses hands-on labs using real world malware samples and infected memory images (Crimewares, APT malwares, Rootkits etc) to help attendees gain better understanding of the subject. The training also shows how these techniques can be incorporated in a sandbox to automate malware analysis. After taking this course attendees will be equipped with skill to analyze, investigate and respond to malware related incidents.
Introduction to Malware Analysis
Static Analysis
Dynamic Analysis/Behavioural analysis
Automating Malware Analysis(sandbox)
Malware Persistence Methods
Code Analysis
Introduction to Memory Forensics
Volatility Overview
Investigating Process
Investigating Process handles & Registry
Day 3
Investigating Network Activities
Investigation Process Memory
Investigating User-Mode Rootkits & Fileless Malwares
Memory Forensics in Sandbox technology
Investigating Kernel-Mode Rootkits
Memory Forensic Case Studies
Monnappa K A is a Security professional with over 15 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter mainly focusing on threat hunting, investigation, and research of advanced cyber attacks.
He is the author of the best-selling book “Learning Malware Analysis.”He is the review board member for Black Hat Asia, Black Hat USA, Black Hat Europe. He is the creator of Limon Linux sandbox and the winner of the Volatility plugin contest 2016. He is the co-founder of the cybersecurity research community “Cysinfo” (https://www.cysinfo.com).
He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community in his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com
What students say about this training:
“It is an excellent Malware introductory course which helps me to learn basic ideas and provide a guideline for further study in the future”
“Well organised & run”
“Particularly appreciative of how the course materials were well-prepared, and how informative [the] explanations were”
“Great course. Next time I would like to be on site.”