Malware Analysis 101: from zero to Hero!


Fighting cybercrime is multifaceted, and malware analysis is a key component. The eCrime ecosystem is very active, with new malware emerging almost daily. The ability to analyze malware and extract Indicators of Compromise (IOCs) is crucial for companies to prevent or detect intrusions. However, this task is challenging and requires specialized skills and significant time to master.

Description

PRESENTATION:

Fighting cyber crime involves many aspects, and malware analysis is one of the most relevant. The current eCrime ecosystem is very busy, and new malware is developed almost every day. Being able to analyze malware and extract Indicators of Compromise (IOCs) can help a company prevent or identify an intrusion. Unfortunately, this task is not easy and requires dedicated skills and time to master. The course includes:

+ Creation of a safe environment for malware analysis
+ Threat hunting and malware triage
+ Analysis of documents and related files
+ Analysis of PowerShell Malware
+ Analysis of JS and VBS malware
+ Introduction to PE file format
+ .NET malware analysis
+ Debugging and disassembly
+ OS Introduction
+ YARA rule creation
+ Report creation

PURPOSE:

This course provides all the information needed to get started in malware analysis. At the end of the course, students will be able to analyze real-world malware and create signatures to detect it. This is a hands-on course, with practical examples of real-world malware. Students will be guided through all phases of the analysis, starting from the creation of a safe environment in which to analyze malware. The main tools for the analysis, such as debuggers and disassemblers, will be provided and used to analyze eCrime malware. Concepts such as reversing, process injection, obfuscation, encryption, compression, OS internals, and EDR bypass will be explained and analyzed.

In the final part of the course, concepts related to the identification of malware are discussed, such as the creation of YARA rules. The course will also provide guidelines on how to create a malware analysis report and discuss the main errors made during this phase (e.g. assembly code in reports is almost always useless).

REQUIREMENTS:

+ Basic programming experience
+ Be familiar with Windows OS

RECIPIENTS:

+ Reverse engineers
+ Malware analysts
+ SOC operators
+ Threat hunters
+ Security enthusiasts

SKILLS:

+ basic programming experience
+ be familiar with Windows OS

YOU MUST HAVE WITH YOU:

+ Intel-based laptop with 16 GB of RAM and 100 GB of hard disk space
+ Recent Windows OS (at least Windows 10)
+ VirtualBox

YOU WILL RECEIVE AS MATERIALS:

+ Slides
+ Certificate of Participation

Instructor: Antonio Parata
Date: 4 to 6 June 2025
Edition: Spring 2025
Place: Bologna - TBD!
Time: 9 a.m. to 6 p.m.
Seats: 20 (Available)
Price per person: 3.500,00 + VAT (3.200,00 + VAT until 01/05/2025)

Code: parata_giugno_25

