Malware Analysis
Malware, short for malicious software, is designed to infiltrate computer systems and wreak havoc on the operating system, network or application. Most systems contain bugs, or loopholes, which may be exploited by malware.

Malware includes computer viruses, worms, trojans, adware, spyware, backdoors, crimeware, most rootkits, and other malicious and unwanted software.

Malicious code has moved well beyond mass-mailing viruses with disk-wiping payloads. A significant percentage of today's malware is intended to allow crimes to be committed against its victims. In many cases, the crimes are aimed at specific organizations or industry groups.

About the Workshop

Almost every incident response involves some trojan, back door, virus component, or rootkit. Security specialists must be able to perform rapid analysis on the malware and understand its functionality; without this, remediation efforts usually fail to meet expectations.

Malware analysis is a time-consuming effort that requires specialized expertise, procedures and tools, which help IT administrators, forensic investigators, malware specialists, and other security professionals fight malicious code.

This course teaches how to reverse engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools, covering both the behavioral and the code analysis aspects of the work.

This process helps in assessing the event's scope, severity, and repercussions. It also assists in containing the incident and in planning recovery steps.

This 2-day course provides an introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable (PE) programs.

Workshop Benefits

The course covers various aspects of malware analysis, helping participants understand how to:

  • Set up an inexpensive and flexible laboratory for understanding the workings of malicious software
  • Examine the program's behavioral patterns and code by experimenting with reverse-engineering compiled Windows executables and browser-based malware
  • Examine malicious code to understand the program's key components and execution flow
  • Identify common malware characteristics by looking at Windows API use patterns
  • Examine excerpts from bots, rootkits, key loggers, and downloaders
  • Work with PE headers and handle DLL interactions
  • Use tools and techniques for bypassing the anti-analysis capabilities of armored malware
  • Experiment with packed executables and obfuscated browser scripts

The entire course is driven by hands-on exercises.

Who should attend?

This course will significantly benefit anyone who is concerned about maintaining the integrity of operating systems, network infrastructure and applications.

  • IT Managers
  • Information Security Managers
  • Security Consultants
  • Security Architects
  • Security Specialists
  • System Administrators
  • Incident Response Team members
  • Computer Forensic Investigators

In short, anyone who requires a better understanding of the steps and processes involved in malware analysis.

Course Contents

  • Introduction to Malware
  • Classification of Malware
    • Virus
    • Trojan
    • Worm
    • Backdoor
    • Downloader
    • Dropper
    • Injector
    • Spammer
    • Key Logger
    • Rootkit
  • Introduction to Windows Architecture and Assembly Language
  • Working with PE headers of malicious Windows executables
  • Dynamic Malware Analysis
    • Behavior analysis
    • Monitoring system changes
    • Sandboxes
    • Tools for behavior analysis
    • Analyzing memory to assess malware characteristics
  • Code Analysis
    • Core concepts for reverse-engineering malware at the code level
    • Packers and Protectors
    • Rebuilding Imports
    • Handling DLL interactions and API hooking
    • Manual unpacking of protected malicious Windows executables
  • Static Malware Analysis
  • Introduction to Disassemblers
    • Identifying key x86 assembly logic structures with a disassembler
    • Disassembly of malware samples
  • Anti-Reversing Techniques
  • Vulnerabilities and Exploits
  • How to clean the infected box
  • Practical Sessions