Advanced Malware Analysis & Reverse Engineering
Delivery: classroom // Duration: 5 days
This course gives participants an in-depth practical understanding of, and methodology for, current malware analysis and reverse engineering. It is one of the rare opportunities to take part in hands-on training held by Kaspersky's acknowledged expert analysts, who perform such analysis on a day-to-day basis, unearthing some of the most advanced cyber threats around today.
Learning Objectives
- Participants will study anti-analysis techniques favored by cybercriminals. After this in-depth course, technical employees will be able to unpack, deobfuscate and remove anti-debugging techniques, and even dissect rootkits and bootkits
- This advanced training leads students to follow best practices in reverse engineering while recognizing anti-reverse-engineering tricks (obfuscation, anti-debugging)
- Supported by Kaspersky Lab's working experts, students will apply advanced malware analysis to rootkit/bootkit dissection
- Participants will analyze exploit shellcode in real-life samples embedded in different file types, as well as the non-Windows malware that is currently gaining popularity
Course Content
- Malware analysis and reverse engineering goals and techniques
- Advanced static analysis techniques (analyzing shellcode statically, parsing the PE header, TEB, PEB, loading functions by different hash algorithms)
- Advanced dynamic analysis techniques (PE structure, manual and advanced unpacking, unpacking malicious packers that store the full executable in an encrypted form)
- APT reverse engineering (covering an APT attack scenario, starting from the phishing email and going as in-depth as possible)
- Protocol analysis (analyzing an encrypted C2 communication protocol and how to decrypt the traffic)
- Rootkit and bootkit analysis (debugging the boot sector using IDA and VMware, kernel debugging using two virtual machines, analyzing rootkit samples)
- Be able to follow best practices in reverse engineering while recognizing anti-reverse-engineering tricks (obfuscation, anti-debugging)
- Be able to apply advanced malware analysis to rootkit/bootkit dissection
- Be able to analyze exploit shellcode embedded in different file types, and non-Windows malware
Throughout the course there is a multitude of practical, hands-on exercises.
Target Audience
This course is suitable for IT-related professionals whose work routinely involves malware analysis. We strongly suggest participating in the "Malware Analysis & Reverse Engineering" course first.
Pre-requisite for Course Registration
- Participants should attend the "Malware Analysis & Reverse Engineering" course first
- Thorough knowledge of assembly code, machine code and higher-level programming
- Very good practical knowledge of the tools used in the "Malware Analysis & Reverse Engineering" course
- Participants have to bring their own laptop with a current VMware Workstation Pro and admin rights, plus a current full version of IDA Pro