DURATION: 3 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: REGISTRATION CLOSED
EUR2599 (early bird)
EUR2999 (normal)
Early bird registration rate ends on the 13th of January
Overview
Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you’ll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware).
First, you’ll explore the tools and techniques you’ll be using as well as analyze events collected by Bromium micro-VMs. Next, you’ll work on unraveling the exploit kits: figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in “the wild.”
Finally, you’ll learn how to conduct safe dynamic analysis of these exploit kits, detect CNC communication, and share your analyses so that these problems can be remedied. By the end of this course, you’ll not only have a better understanding of what exploit kits are and how to detect them, but you’ll be able to analyze how they work and report them so that your data is safer than ever from cyber-crime.
Who Should Attend
Anyone wishing to dig into malware on a deeper level
Key Learning Objectives
How to pull real-world malware apart.
Prerequisite Knowledge
None, but some background in programming and computer architecture will be helpful.
Hardware / Software Requirements
Bring a laptop with VMware Workstation, Player, or Fusion installed. Be sure you have plenty of RAM and disk space to run the supplied VM.
Agenda
Day 1 – Malware Analysis
– Signatures, hashes, and strings
– OSINT – leveraging VirusTotal, Malwr, and others
– Sandboxes – executing malware in a safe environment
– Monitoring tools during execution – ProcMon, WireShark, Process Explorer, etc.
– Understanding file formats – exploring Portable Executables
– Getting started with IDA – our first sample
Day 2 – Distribution and Exploit Kits
– How malware is spread: spam and spear phishing
– Office documents/macros
– JS as an attachment
– URLs that lead to Exploit Kits
– Analyzing an Exploit Kit from start to finish
– Server compromise
– Malicious JS
– Exploit
– Looking at the malware – intermediate IDA
Day 3 – Advanced Analysis
– Looking at the exploit – reversing Flash with JPEXS
– Reversing the malware
– Defeating packing/obfuscation
– Static analysis on the binary
– Automation through IDA Python
– Moving Target Communications (domain generation algorithms)
– Customizing Reports: From Researchers to CISOs