Advanced Reverse Engineering Malware Training

Introduction:

Advanced Reverse Engineering Malware Training Course with real hands-on labs

This technically challenging Advanced Reverse Engineering Malware Training course uses the latest malware samples that are the hardest to reverse engineer. You will use every means necessary to defeat all defensive measures employed by malware authors who want to wreak havoc across the internet.

Each malware sample analyzed in class will first require unpacking the sample and removing any software armoring or protection put in place to thwart the security analyst. After students successfully remove the armoring agents, they will have to navigate past several anti-debugging techniques employed by the most elite malware samples today. Finally, each sample will require skillful knowledge and use of OllyDbg or IDA Pro, including their scripting abilities, to reverse engineer the destructive code and determine exactly what the malware does.

Customize It:

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Audience/Target Group

• Information security analysts

Duration: 5 days

Skills Gained:

• Malicious document analysis
• Extracting and analyzing embedded shell script from documents
• Manually unpacking obfuscated malware
• Methods for Analyzing and Defeating Armored Malware
• Advanced Rootkits, DLLs and Windows Services
• Advanced Anti-Reversing Malware

Course Content:

Day 1

1. Microsoft Office Malicious Documents
• The instructor will demonstrate methods and techniques for manually analyzing malicious documents without running them against the vulnerable version of MS Office they are targeting
• Samples of malware

2. Adobe PDF Malicious Documents
• Methods and techniques for manually analyzing these malicious documents without running them against the vulnerable version of Adobe Reader they are targeting
• PDF samples targeting current vulnerabilities using tools

3. Relevant and challenging malware samples: as the day's scenario, you must extract the embedded executables from MS Office and Adobe files

Day 2

4. Manually Unpacking Obfuscated Malware
• The instructor will describe and demonstrate situations where a malware analyst's tools break and auto-unpacking fails
• Analyze a packed executable that breaks when run through an automatic malware unpacker
• Manually unpack and restore the original executable
• Students will be given modified versions of other real-world packers
• Tools used
• Relevant and challenging malware

Day 3

5. Methods for Analyzing and Defeating Armored Malware
• Common anti-debugging techniques used by malware authors to detect whether or not they are being analyzed
• Common anti-reversing techniques used by malware authors to confuse analysts and increase the difficulty of the RE process
• Analyze and bypass anti-debugging checking routines to get the executable to completely unpack
• Combine lessons learned from day 2 to manually unpack and restore the original executable, then defeat the anti-debugging routines
• Analyze a sample making use of many popular anti-reversing techniques
• Combine lessons learned from day 1, 2, and 3 to manually unpack and restore the original executable, defeat the anti-debugging routines, and finally defeat anti-reversing routines
• Relevant and challenging malware

Day 4

6. Rootkits, DLLs and Windows Services
• Reversing Windows rootkits
• Detect interrupt table hooks and SSDT hooks
• NDIS chains to find backdoor TCP/IP stacks
• Loading DLLs and DLL Exports
• Windows Kernel data structures and what they mean
• Reversing DLLs
• Windows DLLs
• Windows Services
• Windows Services structures
• Service installation and execution routines
• Service lifetime

Day 5

7. Conficker and Relevant Samples
• Manually unpack and restore the original executable
• Defeat the anti-debugging routines
• Defeat anti-reversing routines
• Develop network signatures
