From BruCON 2015
Jump to: navigation, search
(Course Description)
(Trainer Biography)
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=Practical Malware Analysis: Rapid Introduction=
 
=Practical Malware Analysis: Rapid Introduction=
 +
 +
One of BruCONs most popular trainings is back in 2015. The co-author of the book (Andrew Honig) will be hosting one of our most popular training tracks. Don't be surprised if you are offered a complimentary beer at the end of each training day.
 +
 +
Students also get a free copy of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  
 
===Course Description===
 
===Course Description===
Line 12: Line 16:
 
* Apply new found knowledge of Windows Internals for malware analysis
 
* Apply new found knowledge of Windows Internals for malware analysis
 
* Set up a safe virtual environment to analyze malware in a lab environment
 
* Set up a safe virtual environment to analyze malware in a lab environment
 
Come for the rapid introduction or to sharpen your skills for the Advanced Malware Analysis Class this BruCON Fall training session between 5 and 7 october.
 
  
 
=Course Contents=
 
=Course Contents=
Line 46: Line 48:
  
 
=Trainer Biography=
 
=Trainer Biography=
Michael Sikorski is the Director of the FireEye Labs Advanced Reverse Engineering (FLARE) Team. He leads the team through reverse engineering malware as a primary analyst and manages the overall workflow and process used by the team. Mike created a series of courses in malware analysis and teaches them to a variety of audiences including the FBI, NSA, and Black Hat. He is co-author of the book “Practical Malware Analysis,” which is published by No Starch Press. Mike came to FireEye through its acquisition of Mandiant, where he worked for seven years. Prior to Mandiant, Mike worked for MIT Lincoln Laboratory and the National Security Agency. He is also an Adjunct Assistant Professor at Columbia University’s Department of Computer Science.
+
[[File:Andrew.Honig.jpg|thumb|125px]]
 +
Andrew Honig is a software security engineer for Google and a tech lead on the cloud security team where he works on virtualization and kernel security. He spent eight years with the National Security Agency where he taught courses on software analysis, reverse engineering, and Windows system programming at the National Cryptologic School. He discovered several vulnerabilities in virtualization software including VM escapes in VMware and KVM. He's the co-author of "Practical Malware Analysis" and developer of the FakeNet malware analysis tool.
 +
 
 +
Links:
 +
* [https://www.youtube.com/watch?v=L7ScFlkJEO8 KVM Security Improvements by Andrew Honig]
 +
* [http://www.amazon.com/Andrew-Honig/e/B006J3I99Q Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software at Amazon]
  
<br>[[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/mikesiko @mikesiko]
 
  
''Wed. 22 - 24 April 2015 (09:00 - 17:00)''
+
''Mon. 5 - 7 October 2015 (09:00 - 17:00)''
  
 
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
 
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
 
[[Training|Back to Training Overview]]
 
[[Training|Back to Training Overview]]

Latest revision as of 19:23, 25 April 2015

Practical Malware Analysis: Rapid Introduction

One of BruCONs most popular trainings is back in 2015. The co-author of the book (Andrew Honig) will be hosting one of our most popular training tracks. Don't be surprised if you are offered a complimentary beer at the end of each training day.

Students also get a free copy of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Course Description

Get a rapid introduction to Malware Analysis and Reverse Engineering from the guy who wrote the book. This crash course will train students on how to triage and analyze malicious software. Students will get hands-on experience in the art of dissecting malicious code and gain necessary skills in order to perform analysis in the field. This class prepares you for the Advanced Malware Analysis training that will be offered this Fall at Brucon.

Students will learn how to:

  • Get hands on experience analyzing backdoors, downloaders, keyloggers and spyware
  • Use key analysis tools like IDA Pro and OllyDbg
  • Analyze stealthy malware that hides its execution
  • Develop a methodology for unpacking malware and deal with the most popular packers
  • Quickly extract network signature and host-based indicators to locate and defeat malicious software
  • Apply new found knowledge of Windows Internals for malware analysis
  • Set up a safe virtual environment to analyze malware in a lab environment

Course Contents

Day 1

  • Malware Analysis overview
  • Setting up a safe environment
  • Basic static and dynamic techniques
  • Quickly obtaining signatures and indicators
  • A crash course in x86 Disassembly

Day 2

  • Using IDA Pro for reversing malware
  • Analyzing malicious Windows programs
  • Debugging malware

Day 3

  • Covert Malware Launching
  • Packers and Unpacking
  • Additional Special Topic as decided by the class

Prerequisites

  • Eagerness to learn by getting hands-on
  • Knowledge of operating systems and computer architectures
  • Basic computer programming skills with any language
  • Windows Internals knowledge is helpful but not required

Software and hardware requirements

VMware Workstation or Fusion installed. VMware Player is acceptable for this class, but generally not recommended. Roughly 30GB of free hard drive space for tools and the VMware image.

Trainer Biography

Andrew.Honig.jpg

Andrew Honig is a software security engineer for Google and a tech lead on the cloud security team where he works on virtualization and kernel security. He spent eight years with the National Security Agency where he taught courses on software analysis, reverse engineering, and Windows system programming at the National Cryptologic School. He discovered several vulnerabilities in virtualization software including VM escapes in VMware and KVM. He's the co-author of "Practical Malware Analysis" and developer of the FakeNet malware analysis tool.

Links:


Mon. 5 - 7 October 2015 (09:00 - 17:00)

Register.jpg

Back to Training Overview