Reverse Malware Analysis

Aperçu du cours

Training objectives : Learn how to analyse a malware throughout several real-life cases

Prérequis

Experience in programming (any language)
Good understanding of Windows and Linux (registry, command line, configuration …)
Understanding of compiled programs libraries (dynamic and static linking, DLL files)
Basic knowledge in networking (HTTP protocol, TCP/IP sockets)
Recommended : C/C++ programming (pointer manipulation, object-oriented programming)
Recommended : Basic understanding of x86 assembly (stack, heap, sections …)
Recommended : Basic knowledge of Win32 API (File operations, Registry operations, HTTP requests …)

Fonctionnalités

Learn the methods and technics to analyse malwares
Understand the functionalities of the analyzed malware
Learn the steps taken by the malware

Public ciblé

Cybersecurity expert

Détails

34 Sections
78 Lessons
28 heures

Expand all sectionsCollapse all sections

MALWARE ANALYSIS PRIMER

4
- 1.1
  Goals of Malware Analysis
- 1.2
  Analysis Techniques (Static Analysis, Dynamic Analysis)
- 1.3
  Types of malwares
- 1.4
  General Rules for Analysis
MALWARE ANALYSIS PRIMER

4
- 2.1
  Goals of Malware Analysis
- 2.2
  Analysis Techniques (Static Analysis, Dynamic Analysis)
- 2.3
  Types of malwares
- 2.4
  General Rules for Analysis
BASIC STATIC TECHNIQUES

8
- 3.1
  Antivirus Scanning (IRMA…)
- 3.2
  Hashing: A Fingerprint for Malware
- 3.3
  Finding Strings
- 3.4
  Packed and Obfuscated Malware
- 3.5
  Portable Executable File Format
- 3.6
  Linked Libraries and Functions
- 3.7
  The PE File Headers and Sections
- 3.8
  ELF file format
BASIC STATIC TECHNIQUES

8
- 4.1
  Antivirus Scanning (IRMA…)
- 4.2
  Hashing: A Fingerprint for Malware
- 4.3
  Finding Strings
- 4.4
  Packed and Obfuscated Malware
- 4.5
  Portable Executable File Format
- 4.6
  Linked Libraries and Functions
- 4.7
  The PE File Headers and Sections
- 4.8
  ELF file format
Practical exercises

2
- 5.1
  Basic analysis of different pieces of software
- 5.2
  Basic analysis of a first version the malwar
Practical exercises

2
- 6.1
  Basic analysis of different pieces of software
- 6.2
  Basic analysis of a first version the malwar
BASIC DYNAMIC ANALYSIS

1
- 7.1
  pocmon, regshot, processexplorer, sandbox
BASIC DYNAMIC ANALYSIS

1
- 8.1
  pocmon, regshot, processexplorer, sandbox
Practical exercises

2
- 9.1
  Basic dynamic analysis of the first version of the malware
- 9.2
  Usage of a sandbox
Practical exercises

2
- 10.1
  Basic dynamic analysis of the first version of the malware
- 10.2
  Usage of a sandbox
BOOT COURSE IN X86 DISASSEMBLY

1
- 11.1
  The x86 Architecture
BOOT COURSE IN X86 DISASSEMBLY

1
- 12.1
  The x86 Architecture
IDA INTRO

1
- 13.1
  Usage from loading to extending functions
IDA INTRO

1
- 14.1
  Usage from loading to extending functions
DEBUGGING

1
- 15.1
  Basic usage of a debugger (Windows and Linux)
DEBUGGING

1
- 16.1
  Basic usage of a debugger (Windows and Linux)
RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY

4
- 17.1
  Global vs. Local Variables
- 17.2
  Recognizing Loops
- 17.3
  Understanding Function Call Conventions
- 17.4
  Analyzing switch Statements
RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY

4
- 18.1
  Global vs. Local Variables
- 18.2
  Recognizing Loops
- 18.3
  Understanding Function Call Conventions
- 18.4
  Analyzing switch Statements
Practical exercises

2
- 19.1
  Analysis of the first version of the malware
- 19.2
  Analysis on an ELF file
Practical exercises

2
- 20.1
  Analysis of the first version of the malware
- 20.2
  Analysis on an ELF file
PACKING AND CLASSIC PATTERNS

3
- 21.1
  Usual functions and algorithms
- 21.2
  Introduction to packing and unpacking
- 21.3
  Introduction to C++
PACKING AND CLASSIC PATTERNS

3
- 22.1
  Usual functions and algorithms
- 22.2
  Introduction to packing and unpacking
- 22.3
  Introduction to C++
Practical exercises

2
- 23.1
  Analysis of small examples
- 23.2
  Unpacking of a new version of the malware
Practical exercises

2
- 24.1
  Analysis of small examples
- 24.2
  Unpacking of a new version of the malware
.NET REVERSE

1
- 25.1
  Introduction to .NET reverse engineering
.NET REVERSE

1
- 26.1
  Introduction to .NET reverse engineering
Practical exercises

1
- 27.1
  Analysis of a small .Net executable
Practical exercises

1
- 28.1
  Analysis of a small .Net executable
Understanding of malware behavior

2
- 29.1
  Backdoors (RAT, Botnets…), Downloaders, Launchers, Persistence, PrivEsc
- 29.2
  Network signatures (DNS, calling home functions, Intro to SNORT/SURICATA…)
Understanding of malware behavior

2
- 30.1
  Backdoors (RAT, Botnets…), Downloaders, Launchers, Persistence, PrivEsc
- 30.2
  Network signatures (DNS, calling home functions, Intro to SNORT/SURICATA…)
ANTI REVERSE

2
- 31.1
  ANTI-DEBUGGING
- 31.2
  ANTI-VIRTUAL MACHINE
ANTI REVERSE

2
- 32.1
  ANTI-DEBUGGING
- 32.2
  ANTI-VIRTUAL MACHINE
Practical exercises:

2
- 33.1
  Analysis of a final version of the malware
- 33.2
  Writing detection rules
Practical exercises:

2
- 34.1
  Analysis of a final version of the malware
- 34.2
  Writing detection rules

Instructeur

bprigent

0.0

0 commentaire

0 Students

841 Courses

Cybersécurité

Virtualisation

Data, IA, Business Intelligence

Réseaux

Cloud

Systèmes

Développement et webdesign

DevOps

Gestion de projet IT & Management SI

Blockchain

Aperçu du cours

Prérequis

Fonctionnalités

Public ciblé

Détails

Instructeur

bprigent

À PROPOS

NOS FORMATIONS

09 75 75 37 81

contact@ascent-formation.fr

Nous suivre sur les réseaux sociaux

Reverse Malware Analysis

Aperçu du cours

Prérequis

Fonctionnalités

Public ciblé

Détails

Instructeur

Autres formations

À PROPOS

NOS FORMATIONS

Nous suivre sur les réseaux sociaux

Modal title