This is a fast-paced course designed to take you deep into malware operations – from delivery methods to payloads! Students will go through key phases of malware operations, providing deep technical analysis and hands-on labs to gain experience detecting, analyzing and reverse engineering malware.
Malware authors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion and maintain persistence to compromise an organization. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack.
In this training, open-source and limited use tools such as Ghidra, IDA Pro Free/Demo, Oledump/OleVBA, PE Studio, dnSpy and Suricata will be utilized to perform deep technical analysis of malware, focusing on developing effective strategies to maximize your time spent. By the end of this course you will be able to analyze malicious office documents and reverse engineer Java, .NET, Mac OS X and Android malware. These skills ultimately allow you to generate valuable threat intelligence to aid in your efforts to defend your organization or respond to an incident.
This is a fast-paced course designed to take you deep into malware operations – from delivery methods to payloads! Each day will end with comprehensive analysis activities and exercises to test and reaffirm key learning objectives. This course is designed to not just simply be 5 days of lecture, but an immersive and interactive learning experience.
Students will be provided with all of the lab material used throughout the course in a digital format. This includes all lab material, lab guides and virtual machines used for training. This course will also utilize several live classroom sharing resources, such as chat and notes to ensure that students have access to all material discussed throughout the training. Comprehensive lab guides will also be provided to ensure that students have the ability to continue learning after the course ends and maximize the knowledge gained from this course.
• Utilizing open-source intelligence platforms such as Abuse.ch, VirusTotal and AlienVault OTX to investigate malware • Gain proficiency with key malware analysis triage tools such as PE Studio, OLEDUMP, XLMDeobfuscator, malwoverview and more • Explore the use of custom and online sandboxes to further enhance malware analysis • Begin unraveling malicious office documents
• Identify and extract payloads from network traffic and other malicious artifacts • Identifying evidence of data exfiltration and command-and-control beacons • Leveraging network traffic analysis to identify malware families • Automating IOC extraction from malware samples
• Reverse engineering bytecode – decompiling Microsoft .NET and Java binaries • Addressing mobile malware by exploring malicious Android applications • Analyzing malware intended for Mac OS X – packages, Mach-O binaries and application bundles • Reverse engineering shell code and investigating native code binaries