HITBLab: Modern Malware Analysis for Threat Hunters [HITB2021SIN]

$50.00

Duration

1 day

Delivery Method

virtual

Level

intermediate

Seats Available

20

DELIVERY: VIRTUAL LIVE STREAM 

DATE: 26 August 2021

TIME: 22:00 to 00:00 SGT/GMT+8

Malware authors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion and maintain persistence to compromise an organization. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. In this workshop, you will get hands-on with real-world malware and learn how to identify key indicators of compromise (IOCs)/indicators of attack (IOAs) through comprehensive network traffic and malware artifact analysis.

This workshop will utilize open-source tools such as Arkime, Suricata and CyberChef to perform technical analysis of malware traffic to identify patterns of payload delivery, command and control and the use of encrypted sessions (TLS). We will also explore malware infrastructure such as the use of webshells, command and control panels, proxy scripts and phishing kits. These skills ultimately allow you to generate valuable threat intelligence to aid in your efforts to defend your organization or respond to an incident.

Attendees will be provided with all the lab material used throughout the course in digital format, including the lab guides and the virtual machines used for training. This workshop will also utilize several live classroom sharing resources, such as chat and notes, to ensure that attendees have access to all material discussed throughout the training. All the material provided will help students continue learning well after the course ends and maximize the knowledge gained from this course.

Why You Should Take This Course

TBA

Who Should Attend

TBA

Key Learning Objectives

  • Understand the different attack methods used by malicious actors, how they affect your analysis and effective ways of disrupting the attack. We'll use MITRE ATT&CK to guide attendees through these phases and give them a structured approach for understanding adversary methods of operation.

  • Leverage static and dynamic tools to develop a hybrid approach for effectively analyzing malware

  • Identify key indicators of compromise to update security products such as an IDS/IPS

  • Learn how to leverage network traffic to gain a deeper understanding of malware behavior

  • Generate custom threat intelligence for your organization

Prerequisite Knowledge

TBA

Hardware / Software Requirements

Students must be able to download the training VM to follow along with the demonstrations and hands-on activities and to complete the labs. Beyond that, since this is a virtual session, Zoom (or a similar platform) is all that is needed to deliver the session.