Training Malware reverse enginering
August 25th, 2017
[SEC-T] trainings: A practical approach to malware analysis and memory forensics
TEACHER: Monappa KA
The training provides practical guidance and attendees would walk away with the following skills:
- How malware and Windows internals work
- How to create a safe and isolated lab environment for malware analysis
- What are the techniques and tools to perform malware anlaysis
- How to perform static analysis to determine the metadata associated with malware
- How to perform dynamic analysis of the malware to determine its interaction with process,file system, registry and network
- How to perform code analysis to determine the malware functionality
- How to debug a malware using tools like IDA pro, Ollydbg/Immunity debugger
- What is Memory Forensics and its use in malware and digital investigation
- Ability to acquire a memory image from suspect/infected systems
- How to use open source advanced memory forensics framework (Volatility)
- Understanding of the techniques used by the malwares to hide from Live forensic tools
- Understanding of the techniques used by Rootkits(code injection, hooking etc)
- Investigative steps for detecting stealth and advanced malware
- How memory forensics helps in malware analysis and reverse engineering
- How to incorporate malware analysis and memory forensics in sandbox
- How to determine the network and host based indicators (IOC)
Overview
Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics and incident response. With adversaries becoming more sophisticated and carrying out advanced malware attacks on critical infrastructures, Data Centers, private and public organizations, detecting, responding and investigating such intrusions are critical to information security professionals. Malwareanalysis and memory Forensics have become a musthave skill for fighting advanced malwares, targeted attacks and security breaches. This trainingĀ introduces you to the topic of malware analyis, reverse engineering, Windows internals, and techniques to perform malware and Rootkit investigations of real world memory samples using open source advanced memory forensics framework (Volatility). The training covers analysis and investigation of various real world malware samples and infected memory images(crimewares, APT malwares, rootkits etc) and contains hands on labs to gain betterĀ understanding of the subject.