Cybersecurity Training: Reverse Malware Analysis - Ascent Formation

Cybersecurity

Reverse Malware Analysis

4 days (28h)

Description

Training objective: learn how to analyse malware through several real-life cases

Learning objectives

  • Learn the methods and techniques used to analyse malware
  • Understand the functionality of the analysed malware
  • Trace the steps taken by the malware

Target audience

Cybersecurity experts

Prerequisites

Experience in programming (any language)
Good understanding of Windows and Linux (registry, command line, configuration …)
Understanding of compiled program libraries (dynamic and static linking, DLL files)
Basic knowledge of networking (HTTP protocol, TCP/IP sockets)
Recommended: C/C++ programming (pointer manipulation, object-oriented programming)
Recommended: basic understanding of x86 assembly (stack, heap, sections …)
Recommended: basic knowledge of the Win32 API (file operations, registry operations, HTTP requests …)

Course outline

1. MALWARE ANALYSIS PRIMER

  • Goals of Malware Analysis
  • Analysis Techniques (Static Analysis, Dynamic Analysis)
  • Types of malware
  • General Rules for Analysis

2. BASIC STATIC TECHNIQUES

  • Antivirus Scanning (IRMA...)
  • Hashing: A Fingerprint for Malware
  • Finding Strings
  • Packed and Obfuscated Malware
  • Portable Executable File Format
  • Linked Libraries and Functions
  • The PE File Headers and Sections
  • ELF file format

3. Practical exercises

  • Basic analysis of different pieces of software
  • Basic analysis of a first version of the malware

4. BASIC DYNAMIC ANALYSIS

  • Process Monitor (procmon), Regshot, Process Explorer, sandbox

5. Practical exercises

  • Basic dynamic analysis of the first version of the malware
  • Usage of a sandbox

6. CRASH COURSE IN X86 DISASSEMBLY

  • The x86 Architecture

7. IDA INTRO

  • Usage, from loading a binary to extending the analysis of functions

8. DEBUGGING

  • Basic usage of a debugger (Windows and Linux)

9. RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY

  • Global vs. Local Variables
  • Recognizing Loops
  • Understanding Function Call Conventions
  • Analyzing switch Statements

10. Practical exercises

  • Analysis of the first version of the malware
  • Analysis of an ELF file

11. PACKING AND CLASSIC PATTERNS

  • Usual functions and algorithms
  • Introduction to packing and unpacking
  • Introduction to C++

12. Practical exercises

  • Analysis of small examples
  • Unpacking of a new version of the malware

13. .NET REVERSE

  • Introduction to .NET reverse engineering

14. Practical exercises

  • Analysis of a small .NET executable

15. UNDERSTANDING MALWARE BEHAVIOR

  • Backdoors (RATs, botnets...), downloaders, launchers, persistence, privilege escalation
  • Network signatures (DNS, call-home functions, intro to Snort/Suricata...)

16. ANTI REVERSE

  • ANTI-DEBUGGING
  • ANTI-VIRTUAL MACHINE

17. Practical exercises

  • Analysis of a final version of the malware
  • Writing detection rules

Information

Duration

4 days (28h)

Price

€2,800 excl. VAT