FOR710: SANS Cyber Defense Initiative® 2021

What You Will Learn

As defenders hone their analysis skills and automated malware detection capabilities improve, malware authors have worked harder to achieve execution within the enterprise. The result is modular malware with multiple layers of obfuscation that executes in-memory to hinder detection and analysis. Malware analysts must be prepared to tackle these advanced capabilities and use automation whenever possible to handle the volume, variety and complexity of the steady stream of malware targeting the enterprise.

FOR710: Advanced Code Analysis continues where the FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques course leaves off, helping students who have already attained intermediate-level malware analysis capabilities take their reversing skills to the next level. Authored by SANS Certified Instructor Anuj Soni, this course prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and preoccupy incident response teams across the globe.

Developing deep reverse-engineering skills requires consistent practice. This course not only includes the necessary background and instructor-led walkthroughs, but also provides students with numerous opportunities to tackle real-world reverse-engineering scenarios during class.

FOR710 Advanced Code Analysis Will Prepare You To:
  • Tackle code obfuscation techniques that hinder static code analysis, including the use of steganography.
  • Identify the key components of program execution to analyze multi-stage malware in memory.
  • Identify and extract shellcode during program execution.
  • Develop comfort with non-binary formats during malware analysis.
  • Probe the structures and fields associated with a PE header.
  • Use WinDbg Preview for debugging and assessing key process data structures in memory.
  • Identify encryption algorithms in ransomware used for file encryption and key protection.
  • Recognize Windows APIs that facilitate encryption and articulate their purpose.
  • Create Python scripts to automate data extraction.
  • Use Dynamic Binary Instrumentation (DBI) frameworks to automate common reverse engineering workflows.
  • Write scripts within Ghidra to expedite code analysis.
  • Correlate malware samples to identify similarities and differences between malicious binaries and track the evolution of variants.
  • Build rules to identify, group and classify malware.

Course Topics:
  • Code deobfuscation
  • Program execution
  • Shellcode analysis
  • Steganography
  • Multi-stage malware
  • WinDbg Preview
  • Encryption algorithms
  • Python scripting for malware analysis
  • Dynamic Binary Instrumentation (DBI) Frameworks
  • Payload and config extraction
  • Scripting with Ghidra
  • Malware correlation
  • YARA rules
  • Capa rules

What You Will Receive With This Course:
  • Windows 10 VM with pre-installed malware analysis and reversing tools.
  • Real-world malware samples to examine during and after class.
  • Coursebooks and workbook with detailed step-by-step exercise instruction.