Reverse Malware Analysis

Duration: 28 hours
Price: 2,750.00€

Course overview

Training objectives: learn how to analyse malware through several real-life cases

Prerequisites

  • Experience in programming (any language)
  • Good understanding of Windows and Linux (registry, command line, configuration …)
  • Understanding of compiled program libraries (dynamic and static linking, DLL files)
  • Basic knowledge of networking (HTTP protocol, TCP/IP sockets)
  • Recommended: C/C++ programming (pointer manipulation, object-oriented programming)
  • Recommended: basic understanding of x86 assembly (stack, heap, sections …)
  • Recommended: basic knowledge of the Win32 API (file operations, registry operations, HTTP requests …)

Learning objectives

  • Learn the methods and techniques used to analyse malware
  • Understand the functionality of the analysed malware
  • Learn the steps taken by the malware

Target audience

  • Cybersecurity expert

Training programme

  • MALWARE ANALYSIS PRIMER
    • Goals of malware analysis
    • Analysis techniques (static analysis, dynamic analysis)
    • Types of malware
    • General rules for analysis
  • BASIC STATIC TECHNIQUES
    • Antivirus scanning (IRMA …)
    • Hashing: a fingerprint for malware
    • Finding strings
    • Packed and obfuscated malware
    • Portable Executable file format
    • Linked libraries and functions
    • The PE file headers and sections
    • ELF file format
  • Practical exercises
    • Basic analysis of different pieces of software
    • Basic analysis of a first version of the malware
  • BASIC DYNAMIC ANALYSIS
    • procmon, regshot, Process Explorer, sandbox
  • Practical exercises
    • Basic dynamic analysis of the first version of the malware
    • Usage of a sandbox
  • CRASH COURSE IN X86 DISASSEMBLY
    • The x86 architecture
  • IDA INTRO
    • Usage, from loading a binary to extending functions
  • DEBUGGING
    • Basic usage of a debugger (Windows and Linux)
  • RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY
    • Global vs. local variables
    • Recognizing loops
    • Understanding function calling conventions
    • Analysing switch statements
  • Practical exercises
    • Analysis of the first version of the malware
    • Analysis of an ELF file
  • PACKING AND CLASSIC PATTERNS
    • Usual functions and algorithms
    • Introduction to packing and unpacking
    • Introduction to C++
  • Practical exercises
    • Analysis of small examples
    • Unpacking of a new version of the malware
  • .NET REVERSE ENGINEERING
    • Introduction to .NET reverse engineering
  • Practical exercises
    • Analysis of a small .NET executable
  • UNDERSTANDING MALWARE BEHAVIOUR
    • Backdoors (RATs, botnets …), downloaders, launchers, persistence, privilege escalation
    • Network signatures (DNS, call-home functions, intro to Snort/Suricata …)
  • ANTI-REVERSING
    • Anti-debugging
    • Anti-virtual machine
  • Practical exercises
    • Analysis of a final version of the malware
    • Writing detection rules

Instructor

bprigent
