Advanced Malware Analysis & Reverse Engineering
Delivery: Classroom // Duration: 5 days
This course gives participants an in-depth practical understanding of, and methodology for, current malware analysis and reverse engineering. The course is one of the rare opportunities to participate in a hands-on training held by Kaspersky's acknowledged expert analysts, who perform such analysis on a day-to-day basis, unearthing some of the most advanced cyber threats around today.
- Participants will study anti-analysis techniques favored by cybercriminals. After this in-depth course, technical employees will be able to unpack, deobfuscate and remove anti-debugging techniques, and even to dissect root- and boot-kits.
- After this advanced training, students will follow best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging).
- Supported by Kaspersky Lab’s working experts, students will apply advanced malware analysis for Rootkits/Bootkits dissection.
- Participants will analyze exploit shellcode in real-life samples, embedded in the different file types and non-Windows malware that are currently gaining popularity.
- Malware Analysis & Reverse Engineering goals and techniques
- Advanced static analysis techniques (Analyzing shellcode statically, parsing PE header, TEB, PEB, loading functions by different hash algorithms)
- Advanced dynamic analysis techniques (PE structure, manual and advanced unpacking, unpacking malicious packers that store the full executable in an encrypted form)
- APT reverse engineering (cover an APT attack scenario, starting from phishing email and going as in-depth as possible)
- Protocol analysis (analyze encrypted C2 communication protocol, how to decrypt traffic)
- Rootkits and Bootkits analysis (debugging the boot sector using IDA and VMware, kernel debugging using 2 virtual machines, analyzing Rootkit samples)
- Be able to follow best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging)
- Be able to apply advanced malware analysis for Rootkits/Bootkits dissection
- Be able to analyze exploit shellcode embedded in the different file types and non-Windows malware
Target audience
This course is suitable for IT-related professionals whose work routinely involves malware analysis. We strongly suggest participating in the “Malware Analysis & Reverse Engineering” course first.
Pre-requisite for course registration
- Participants should attend the “Malware Analysis & Reverse Engineering” course first.
- Thorough knowledge of Assembly code, machine code and higher level programming.
- Very good practical knowledge of the tools used in the “Malware Analysis & Reverse Engineering” course.
- Participants have to bring their own laptop with a current VMware Workstation Pro and admin rights, plus a current full version of IDA Pro.

| Dates | Location | Language | Registration fee (plus VAT) |
|---|---|---|---|
| Jul 15 - 19, 2019 | ISH Campus Munich Airport | English | 4900€ |
| Oct 14 - 18, 2019 | ISH Campus Munich Airport | English | 4900€ |