Aperçu du cours
Training objectives : Learn how to analyse a malware throughout several real-life cases
Prérequis
- Experience in programming (any language)
- Good understanding of Windows and Linux (registry, command line, configuration …)
- Understanding of compiled programs libraries (dynamic and static linking, DLL files)
- Basic knowledge in networking (HTTP protocol, TCP/IP sockets)
- Recommended : C/C++ programming (pointer manipulation, object-oriented programming)
- Recommended : Basic understanding of x86 assembly (stack, heap, sections …)
- Recommended : Basic knowledge of Win32 API (File operations, Registry operations, HTTP requests …)
Fonctionnalités
- Learn the methods and technics to analyse malwares
- Understand the functionalities of the analyzed malware
- Learn the steps taken by the malware
Public ciblé
- Cybersecurity expert
Détails
- 34 Sections
- 78 Lessons
- 28 heures
Expand all sectionsCollapse all sections
- MALWARE ANALYSIS PRIMER4
- 1.1Goals of Malware Analysis
- 1.2Analysis Techniques (Static Analysis, Dynamic Analysis)
- 1.3Types of malwares
- 1.4General Rules for Analysis
- MALWARE ANALYSIS PRIMER4
- 2.1Goals of Malware Analysis
- 2.2Analysis Techniques (Static Analysis, Dynamic Analysis)
- 2.3Types of malwares
- 2.4General Rules for Analysis
- BASIC STATIC TECHNIQUES8
- 3.1Antivirus Scanning (IRMA…)
- 3.2Hashing: A Fingerprint for Malware
- 3.3Finding Strings
- 3.4Packed and Obfuscated Malware
- 3.5Portable Executable File Format
- 3.6Linked Libraries and Functions
- 3.7The PE File Headers and Sections
- 3.8ELF file format
- BASIC STATIC TECHNIQUES8
- 4.1Antivirus Scanning (IRMA…)
- 4.2Hashing: A Fingerprint for Malware
- 4.3Finding Strings
- 4.4Packed and Obfuscated Malware
- 4.5Portable Executable File Format
- 4.6Linked Libraries and Functions
- 4.7The PE File Headers and Sections
- 4.8ELF file format
- Practical exercises2
- 5.1Basic analysis of different pieces of software
- 5.2Basic analysis of a first version the malwar
- Practical exercises2
- 6.1Basic analysis of different pieces of software
- 6.2Basic analysis of a first version the malwar
- BASIC DYNAMIC ANALYSIS1
- 7.1pocmon, regshot, processexplorer, sandbox
- BASIC DYNAMIC ANALYSIS1
- 8.1pocmon, regshot, processexplorer, sandbox
- Practical exercises2
- 9.1Basic dynamic analysis of the first version of the malware
- 9.2Usage of a sandbox
- Practical exercises2
- 10.1Basic dynamic analysis of the first version of the malware
- 10.2Usage of a sandbox
- BOOT COURSE IN X86 DISASSEMBLY1
- 11.1The x86 Architecture
- BOOT COURSE IN X86 DISASSEMBLY1
- 12.1The x86 Architecture
- IDA INTRO1
- 13.1Usage from loading to extending functions
- IDA INTRO1
- 14.1Usage from loading to extending functions
- DEBUGGING1
- 15.1Basic usage of a debugger (Windows and Linux)
- DEBUGGING1
- 16.1Basic usage of a debugger (Windows and Linux)
- RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY4
- 17.1Global vs. Local Variables
- 17.2Recognizing Loops
- 17.3Understanding Function Call Conventions
- 17.4Analyzing switch Statements
- RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY4
- 18.1Global vs. Local Variables
- 18.2Recognizing Loops
- 18.3Understanding Function Call Conventions
- 18.4Analyzing switch Statements
- Practical exercises2
- 19.1Analysis of the first version of the malware
- 19.2Analysis on an ELF file
- Practical exercises2
- 20.1Analysis of the first version of the malware
- 20.2Analysis on an ELF file
- PACKING AND CLASSIC PATTERNS3
- 21.1Usual functions and algorithms
- 21.2Introduction to packing and unpacking
- 21.3Introduction to C++
- PACKING AND CLASSIC PATTERNS3
- 22.1Usual functions and algorithms
- 22.2Introduction to packing and unpacking
- 22.3Introduction to C++
- Practical exercises2
- 23.1Analysis of small examples
- 23.2Unpacking of a new version of the malware
- Practical exercises2
- 24.1Analysis of small examples
- 24.2Unpacking of a new version of the malware
- .NET REVERSE1
- 25.1Introduction to .NET reverse engineering
- .NET REVERSE1
- 26.1Introduction to .NET reverse engineering
- Practical exercises1
- 27.1Analysis of a small .Net executable
- Practical exercises1
- 28.1Analysis of a small .Net executable
- Understanding of malware behavior2
- 29.1Backdoors (RAT, Botnets…), Downloaders, Launchers, Persistence, PrivEsc
- 29.2Network signatures (DNS, calling home functions, Intro to SNORT/SURICATA…)
- Understanding of malware behavior2
- 30.1Backdoors (RAT, Botnets…), Downloaders, Launchers, Persistence, PrivEsc
- 30.2Network signatures (DNS, calling home functions, Intro to SNORT/SURICATA…)
- ANTI REVERSE2
- 31.1ANTI-DEBUGGING
- 31.2ANTI-VIRTUAL MACHINE
- ANTI REVERSE2
- 32.1ANTI-DEBUGGING
- 32.2ANTI-VIRTUAL MACHINE
- Practical exercises:2
- 33.1Analysis of a final version of the malware
- 33.2Writing detection rules
- Practical exercises:2
- 34.1Analysis of a final version of the malware
- 34.2Writing detection rules
Instructeur
