Malware Analysis Made Easy

Jan 6, 2020 09:00 AM - Jan 7, 2020 05:00 PM (Asia/Kolkata)

NASSCOM, Plot No- 7-10 Amity Road, Opp, Amity Gate 2A, Sector 126, Noida, Uttar Pradesh 201303

Uttar Pradesh

This event has ended. Please contact organizer for more details.

Overview

Malware has been targeting industries and sectors such as finance, petroleum, nuclear facilities, cloud providers, data centers, public and private organizations and even software companies. Earlier, malware analysis was restricted to antivirus companies. With the increase in the quantity and sophistication of malware, and the failure of detection software to keep up with this huge influx, SOCs and forensics teams are relied upon far more to analyze and dissect incoming samples. Malware analysis is a must-have skill for analyzing complex malware and also aids in incident response.
This hands-on workshop on 'Malware Analysis' sets the basic foundation for advanced malware analysis topics such as malware reverse engineering.

Who Should Take This Course:
● Anyone interested in learning malware analysis and cybersecurity.
● Security professionals who need to deal with malware, such as SOC analysts, incident response professionals, security researchers, network and system administrators, security practitioners and CISOs, looking to enhance their skill set.

What we will cover:

  • Windows OS Internals needed for malware analysis
  • Malware lifecycle: creation and distribution
  • Packers and Installers used in malwares
  • Malware Self Defence mechanism
  • Malware Persistence
  • Code Injection, Code hooks and Process hollowing
  • Hiding, Stealth and Rootkits
  • Network communication of malwares
  • Static Malware Analysis
  • Behavioral analysis of malwares
  • Automated malware analysis in sandboxes
  • Malware Analysis and Classification
  • Scripting-based malware: document macros, PowerShell, JavaScript
  • Fast Track Memory Forensics
  • Introduction to Malware Reverse Engineering

Pre-requisites for the participants:

● Experience with one of the VM environments - VMware Workstation or VirtualBox.
● Awareness of VM snapshot procedures - creating and restoring snapshots.
● One of VMware Workstation Pro, VMware Fusion or VirtualBox installed, with the tool having the ability to create and restore snapshots.
● Laptop with a recommended 8GB RAM and 4+ cores.
● Pre-set-up, snapshotted analysis VM running Windows 7 32-bit, with free analysis tools installed in the analysis VM. The analysis VM configuration guide and tools list will be provided to attendees in advance.
● Also, if possible, another analysis VM running Windows XP 32-bit, SP2 or SP3.

What You Will Be Provided With:

● Pre-built Linux image preinstalled with some analysis tools.
● Malware samples used in the course/labs.
● Soft copies of the course material.
● Proprietary malware detection Tools.

Attendee takeaways:

  • The training involves analysis of real malware.
  • Students will be able to understand basic concepts such as operating system internals and networking, which are needed during malware analysis.
  • The various components of a malware sample and its lifecycle.
  • Students will be able to use freely available malware analysis tools more effectively.
  • Tricks used by experienced researchers to quickly analyze, reverse engineer and classify malware.

Workshop Trainer

Abhijit Mohanta


Anti Malware Consultant | C...

Abhijit Mohanta is a CyberSecurity Consultant and Corporate Trainer, with over 12 years of experience in malware reverse engineering, vulnerability research, anti-virus engine developm...

Anoop Saldanha


Independent Security Resear...

Anoop Saldanha, is one of the core-authors of Suricata Intrusion Detection and Prevention System, funded by the US Department of Homeland Security(DHS) and the US Navy's Space and Nava...

Agenda

Course Includes:

● 2 days of practical malware analysis training.
● Hands-on labs and exercises.
● Copy of the training slides.
● Pre-built Linux VM image configured with analysis tools.

Syllabus:

Module 1: System and OS Internals for Malware Analysis

1. Files and File Formats
A malware analyst receives all kinds of files. In this section you will learn about identifying files and file formats.

2. PE File and Virtual Memory - Practical Relationship between Static and Dynamically Loaded Process
The PE file format is used by Windows executables. You will learn about some of the important fields in the PE file format that can help a malware analyst dissect a sample. We also explain the concept of virtual memory and its relationship with the various PE file fields.

3. Windows OS Internals
In this section we introduce some of the necessary Windows internals, such as Win32 APIs, system calls and other concepts that we encounter during malware analysis.

Module 2: Malware Life-cycle, Architecture and Behavior In-Depth

4. Distribution
We talk about how an attacker distributes malware and how the malware arrives at the victim. We talk about techniques like spamming, exploit kits, social engineering, etc.

5. Packers and Packed vs Unpacked Malware
Almost all malware is packed these days, which makes it hard for analysts to analyze a sample. We talk about how a packer works so that it becomes easy for an analyst to deal with packed samples later on. We also explain how to easily distinguish between packed and unpacked malware.

6. Armoring
Malware uses various techniques to deter analysis, including techniques to evade security software such as anti-virus, IPS and sandboxes. We talk about all these techniques used by malware.

7. Persistence
We introduce the various methods used by malware to persist on the infected system even after a reboot.

8. Hiding/Stealth
Malware does not want to be identified easily on the system. In this section we cover the various techniques malware uses to hide its presence on the system.

9. Network Communication
Malware often needs to talk back to the attacker. In this section we talk about how malware sends gathered information and stolen data back to the central Command and Control (CnC) server, downloads updates and receives commands from it.

10. Code Injection and Process Hollowing
In this section we explain:
● how and why malware spawns multiple processes as part of its infection lifecycle;
● how malware frequently executes code by using an existing legitimate process and inserting itself into that process;
● the concept of process hollowing, a well-known and frequently used technique by which malware hides itself amongst other legitimate, clean processes.

Module 3: Malware Analysis

11. Static Malware Analysis
In this section we talk about identifying and analyzing a malware sample statically.

12. Dynamic Malware Analysis
In this section we talk about identifying and analyzing malware dynamically at runtime. We also show the analyst how to fully utilize the various tools available to make the analysis job faster.

13. Malware Analysis and Classification Made Easy
How to easily analyze and draw conclusions about a file without the need to reverse it.

14. Types of Malware - Their Behaviors and Identifying Them
In this section you will go through the various categories of malware and learn to identify and classify them based on their static and dynamic features.

15. File-less Malware
In this section we introduce techniques to detect and analyze file-less malware, a category of malware that lives off the land using legitimate programs and leaves a minimal footprint.

16. PDF and DOC Malware
In this section we explore other categories of malware that are delivered by means of PDF documents and Microsoft Office files.

Module 4: When Malware Analysis, Reversing and Everything Fails

17. Use Common Sense
There can be times when it is hard to conclude from dynamic and static analysis whether a sample is malicious or not. Reverse engineering might also take a lot of time, especially with a complex VB sample or a Themida-packed file. In this section we explain how one can use common sense to analyze such complex samples when every other technique fails.

Module 5: Memory Forensics

18. Fast Track Memory Forensics

Module 6: Basics of Reverse Engineering

19. OllyDbg
We introduce Olly Debugger, a staple of every reverse engineer.

20. Dry Run - Unpacking and Reversing a Sample Using Olly
We show users a dry run of reversing a malware sample using Olly Debugger.
