
Reverse Malware Analysis

Ref: CYB-RAR

Training objective: learn how to analyse malware through several real-life cases

Learning objectives

  • Learn the methods and techniques used to analyse malware
  • Understand the functionality of the analysed malware
  • Understand the steps taken by the malware

Prerequisites

  • Experience in programming (any language)
  • Good understanding of Windows and Linux (registry, command line, configuration …)
  • Understanding of compiled program libraries (dynamic and static linking, DLL files)
  • Basic knowledge of networking (HTTP protocol, TCP/IP sockets)
  • Recommended: C/C++ programming (pointer manipulation, object-oriented programming)
  • Recommended: basic understanding of x86 assembly (stack, heap, sections …)
  • Recommended: basic knowledge of the Win32 API (file operations, registry operations, HTTP requests …)

Target audience

Cybersecurity expert

Programme

  • Goals of Malware Analysis
  • Analysis Techniques (Static Analysis, Dynamic Analysis)
  • Types of malware
  • General Rules for Analysis
  • Antivirus Scanning (IRMA…)
  • Hashing: A Fingerprint for Malware
  • Finding Strings
  • Packed and Obfuscated Malware
  • Portable Executable File Format
  • Linked Libraries and Functions
  • The PE File Headers and Sections
  • ELF file format
  • Basic analysis of different pieces of software
  • Basic analysis of a first version of the malware
  • Procmon, Regshot, Process Explorer, sandbox
  • Basic dynamic analysis of the first version of the malware
  • Usage of a sandbox
  • The x86 Architecture
  • Usage from loading to extending functions
  • Basic usage of a debugger (Windows and Linux)
  • Global vs. Local Variables
  • Recognizing Loops
  • Understanding Function Call Conventions
  • Analyzing switch Statements
  • Analysis of the first version of the malware
  • Analysis of an ELF file
  • Usual functions and algorithms
  • Introduction to packing and unpacking
  • Introduction to C++
  • Analysis of small examples
  • Unpacking of a new version of the malware
  • Introduction to .NET reverse engineering
  • Analysis of a small .NET executable
  • Backdoors (RATs, botnets …), downloaders, launchers, persistence, privilege escalation
  • Network signatures (DNS, call-home functions, introduction to Snort/Suricata …)
  • Anti-debugging
  • Anti-virtual-machine techniques
  • Analysis of a final version of the malware
  • Writing detection rules

Teaching team

Professional with technical and teaching expertise

Teaching methods and resources

  • Training intranet space.
  • Projected training support documents.
  • Theoretical presentations
  • Study of concrete cases
  • Online availability of support documents after the training.

Monitoring and assessment

  • Digital attendance sign-in.
  • Practical exercises.
  • Training evaluation forms.
  • Certificate of completion of the training.


Days: 4 (28 hours)

Price: 2800 € excl. VAT
