Malware Analysis Basic Course
- Udi Shamir & Joxean Koret
This course provides practical knowledge and hands-on experience in basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers.
Prerequisites for the Training Class
Student
- Knows C
- Knowing x86 assembly is an advantage
Hardware
- Laptop with Ubuntu installed
Software
- Microsoft Windows as a VM
- Free version of IDA
Course Outline
Unit 1: Fundamentals of Malware Analysis
1.1 Reverse Engineering Methodology
1.2 Overview of Malware analysis lab setup and configuration
1.3 Introduction to Malware Analysis tools
1.4 Behavioral Analysis vs. Code Analysis
1.5 Tools and Resources for Reverse Engineering Undocumented Binaries and APIs
Unit 2: Malware Characteristics
2.1 Understanding Current and Future Malware Threats
2.2 Malware indicators
2.3 Malware Classification Methods and Techniques (Intro to CAMAL Clustering Engine)
2.4 How Antivirus Programs Work (Investigating ClamAV signature Engine)
2.5 Creating Custom ClamAV Databases
2.6 Using YARA to Detect Malware Footprints
Unit 3: Malware Labs
3.1 Creating an Isolated Laboratory
3.2 Introduction to the CAMAL Sandbox and Freely Available Sandboxes
3.3 Installing Linux as Malware Analysis Platform
Unit 4: Malware Lab Integrity
4.1 Routing TCP/IP Connections
4.2 Capturing and Analyzing Network Traffic using sniffers
4.3 Using Domain Analyzer to Detect Malicious C&C Servers
Unit 5: Malware Analysis Tools
5.1 Introduction to Intel x86 Assembly Language
5.2 PE binary structure
5.3 Reverse Engineering using free tools
5.4 Basic Anti-Debugging Techniques