Introduction to Reverse Engineering Malware

Malicious software is everywhere. Antivirus software is ineffective. How does malware behave? What are typical Indicators of Compromise? How can you determine if you are infected?  

This course covers malware analysis with the primary purpose of quickly uncovering indicators of compromise (IOCs). Knowing a piece of malware's IOCs allows you to detect and contain it. An understanding of common malware tactics is vital, as most malware performs similar activities and accesses similar system files, so patterns begin to reveal themselves. Our primary objective is to provide you with hands-on experience in malware analysis, arming you with the knowledge and skills to better understand and detect malware in the future.

Objectives

  • Create an isolated and controlled environment for analyzing malware
  • Use system level and code level reversing tools
  • Disassemble malicious software
  • Run malicious software in a debugger to understand its behavior
  • Assess stack overflow vulnerabilities and exploits
  • Recognize malware tactics and behavior
  • Become familiar with malware obfuscation tactics

Audience

Prerequisites

IT Security Fundamentals and Intro to Hacking, Defense, and Response or equivalent experience.

Outline

  • Malware Analysis Environment
  • System (Behavioral) Level Reversing
  • Assembly Language Intro
  • Disassemblers and Debuggers
  • Buffer Overflow Attacks
  • DLL injection
  • Code Level Reversing
  • Malware Obfuscation Techniques

Duration

18 Hours (3 Days)
