Introduction to Reverse Engineering Malware

About the course

This course is a one-day introduction to reverse engineering malware in the Linux environment. Delegates are guided through the entire process, gaining hands-on experience of reverse engineering malicious software and an insight into the techniques malware uses to spread to and infect other machines and devices, and to obfuscate its activity.

Delegates will gain hands-on experience using decompilers, debuggers, network traffic analysis tools, hex editors and memory analysis tools.

The course is pitched at an introductory level for those wishing to learn both the basic and the more advanced techniques used to reverse engineer software. It is ideal for incident responders who want to take a more proactive role in analysing the threats they identify.

The course is also suitable preparation for delegates interested in going on to the SANS Institute course FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques.


Prerequisites

Experience with Linux is advantageous; however, it is not essential, as the instructor will guide delegates through each task.


Delegates will learn how to:

Recognise the many different types of Linux malware
Understand the dangers of IoT devices and the Mirai botnet
Identify malware in the Linux environment
Dissect and analyse a malicious binary application
Dump malicious binary applications from memory (RAM) and analyse them
Manipulate malware with decompilers and hex editors
Perform traffic analysis of malicious software in a sandboxed environment
Identify and block the command and control (C&C) server used by the malware
Analyse the threat and impact of the malware


Outline

Module 1 Identifying Malware:

This module covers the various types of malware, the techniques malware uses to spread to and infect other devices and to obfuscate itself, and a look at IoT and current threats.

This module will cover the following subjects:

Identifying different types of malware
The dangers of IoT and embedded devices
The Mirai botnet
Malware obfuscation methods
Malware analysis tools and techniques
Identifying malware in the Linux environment

Module 2 Analysing malware:

This module covers the tools, techniques and procedures used to create a safe sandboxed environment for analysing malware, with hands-on experience of the virtual machines, debuggers, decompilers and network traffic analysis tools used to dissect and analyse it.

Delegates will gain hands on experience in the following areas:

Creating a safe virtual/sandboxed environment in which to analyse malware
Using GDB and OllyDbg to dissect malware
Using hexdump and a hex editor to manipulate malware
Identifying the C&C server and recreating it for further analysis
Performing network traffic analysis of malware using tcpdump/Wireshark
Analysing memory-resident malware
Understanding the threat
Mitigating the threat
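As an added example, not part of the course or its lab materials, the script below performs the first-pass static triage that the Module 2 list describes, using only POSIX tools: confirm the ELF header, pull printable strings, spot a UPX packing marker, extract hard-coded IPv4 addresses and URLs as candidate C&C indicators, and emit iptables rules that would block egress to them. The sample "binary", its embedded strings, the address 198.51.100.23 and the host c2.example.net are all constructed for the demo and are not real indicators.

```shell
#!/bin/sh
# Added example (not course code): static triage of a suspect Linux binary
# and generation of egress block rules for any IPv4 C&C address found.
# The sample is constructed below and contains no real malware.

make_sample() {
  # Write a constructed file that starts with the ELF magic and carries a few
  # NUL-separated strings of the kind an IoT bot typically embeds.
  printf '\177ELF\002\001\001\000' > "$1"
  printf 'GET /gate.php HTTP/1.1\000' >> "$1"
  printf 'http://198.51.100.23:8080/gate.php\000' >> "$1"
  printf 'c2.example.net\000/bin/busybox\000' >> "$1"
  printf 'UPX!\000' >> "$1"
}

is_elf() {
  # The first four bytes of every ELF file are 0x7f 'E' 'L' 'F'.
  [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

printable_strings() {
  # Minimal strings(1): turn every non-printable byte into a newline and keep
  # runs of at least four printable characters.
  tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'
}

is_upx_packed() {
  # A "UPX!" marker means the sample must be unpacked before static analysis;
  # strings seen now are the packer's, not the payload's.
  printable_strings "$1" | grep -q 'UPX!'
}

extract_ipv4() {
  # Hard-coded IPv4 addresses are a common C&C indicator in Linux/IoT malware.
  printable_strings "$1" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

extract_urls() {
  # URLs give the C&C path as well as the host, useful for recreating it.
  printable_strings "$1" | grep -oE 'https?://[^[:space:]"]+' | sort -u
}

c2_block_rules() {
  # Emit (do not apply) iptables rules dropping traffic to each address found;
  # review them before applying on the analysis host or gateway.
  extract_ipv4 "$1" | while read -r ip; do
    printf 'iptables -A OUTPUT -d %s -j DROP\n' "$ip"
  done
}

# Stand-alone demo on the constructed sample.
sample="${TMPDIR:-/tmp}/suspect_sample.bin"
make_sample "$sample"
if is_elf "$sample"; then echo "ELF header present"; fi
if is_upx_packed "$sample"; then echo "UPX marker found: unpack before going further"; fi
echo "IPv4 indicators:"; extract_ipv4 "$sample"
echo "URLs:"; extract_urls "$sample"
echo "Proposed block rules:"; c2_block_rules "$sample"
rm -f "$sample"
```

Run it with `sh triage.sh`; on a real sample, run it inside the isolated analysis VM with no outbound network, and treat the printed rules as a starting point for the sandbox firewall rather than applying them blindly, since packed or string-encrypted samples will reveal their real C&C only under a debugger or in a packet capture.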
