Keywords:
Hacking, Cyber Security
Edu type:
Course or training
Location:
Amsterdam
Education:
Master (EQF 7)
Start date:
unknown
Study Load:
24 hrs
Duration:
3 days
More information

Description:

In this training we will cover the following basics:

  • What is malware?
  • How do victims get infected?
  • How do we start our malware analysis?
  • How do we modify malware by modifying assembly?
  • What does malware actually do on our system?
  • What techniques do malware creators use to not be analyzed and how to circumvent these?
  • What can we see on the network layer?
  • How do we analyze exploits and scripts?

This is a hands-on course. This means that the participants will receive a small portion of content after which they are immediately going to apply this knowledge in a demonstration environment. These challenges start easy and end with a full analysis of WannaCry on day three. To support people that are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.

 

Target Group

  • Incident response employees
  • Digital forensic researchers
  • IT system & network administrators
  • IT professionals interested in malware analysis

Program

The training agenda is structured as followed:

 

Day 1

  • General malware overview and history
  • How victims are infected
  • Introduction to malware analysis
  • Malware identification
  • Track 1: readable text strings
  • Track 2: packers, crypters and protectors
  • Track 3: Jumps (assembly)
  • Track 4: XOR (Exclusive OR)
  • Track 5: Malware Behavior

Day 2

  • Track 6: API calls (assembly)
  • Banking malware
  • Track 7: Anti-forensics & circumvention
  • Track 8: Network analysis
  • Track 9: Fake internet
  • Track 10: Quarantine files
  • Track 11: Exploit analysis

Day 3

  • Track 12: WannaCry!
  • Track 13: Various other challenges

Extra information

Prerequisites for the course are as followed:

  • Participants should understand the basics of computers, VMs and network.
  • Participants should have a laptop with VMWare Workstation that supports Snapshots. We will distribute a Virtual Machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
  • If you have extensive experience with the topics mentioned above, this training most likely is not suitable for you. It is a basic introduction to malware analysis