About The Training
Goa 2025 | Trainings
Efficient Malware Analysis: Comprehensive Approach
Start Date: Feb 26, 2025
End Date: Feb 28, 2025
Venue: TBA
With increasing geopolitical tension and the high reputational and financial risks associated with potential compromises, malware analysis is increasingly in demand. While it is possible in some cases to get a basic understanding of malware capabilities using behavioral analysis alone, that shows at best only part of the picture. In this course we follow a comprehensive approach: we cover the fundamental prerequisites before diving deep into the nuances of static and dynamic analysis of various types of user-mode Windows executables, so that the analysis can be done quickly and efficiently with nothing missed. During the course we work with real malware samples of varying complexity.
Basic - Intermediate - Advanced
Day 1: Fundamentals: x86 platform & Windows executables
Relevant essentials of informatics:
- Binary and hexadecimal number systems
- Bitwise operations
- Data units and types
- String encodings
Fundamentals of x86 platform (32- and 64-bit):
- CPU
- Memory
- Stack
- Instruction set
- Breakpoints
- Calling conventions
Day 2: Level up: unpacking & decryption
Basics of Windows internals:
- WinAPIs
- PE file structure
101 of Unpacking:
- Methodology
- Manual unpacking
- Memory dumping & import reconstruction
Cryptography essentials:
- Overview
- Modes of operation
- RC4, AES and RSA in detail
- Applications in malware
Decryption workflow:
- Searching and identification
- Basics of cryptanalysis
- Handling encrypted data
Day 3: Beyond assembly: VB & .NET-based threats
Bytecode explained:
Handling Visual Basic malware:
- Overview
- File structure and P-code instructions
- Static and dynamic analysis
Exploring .NET threats:
- Overview
- File format and CIL
- Static and dynamic analysis
- Handling obfuscated .NET malware
- Bring a laptop capable of running an x64 virtual machine (a compatible CPU, at least 4 GB of RAM and plenty of disk space) with VirtualBox or VMware installed.
- The VM will be provided; it is strongly recommended to download it IN ADVANCE, as it is several gigabytes in size.
- Create a free account on the VirusShare service to download the lab and homework samples; follow the steps at https://virusshare.com/about to obtain a free account there.
The course is designed to suit all levels of expertise, from complete beginners to mature reverse engineers who want to level up and fill in potential gaps in their knowledge. Some prior knowledge of informatics, C programming, or reverse engineering will help speed up the process but is not obligatory.
SOC analysts, incident responders, malware analysts, IT engineers who want to enter the cybersecurity field, or anyone who is interested in malware analysis and wants to level up their career.
By the end of the course, you should be able to confidently analyze various types of Windows executables of almost any level of complexity.
A virtual machine set up for safe malware analysis, with all the required software pre-installed.
Because the course lasts only 3 days, we will not be able to cover every aspect of Windows malware; topics such as script- or macro-based malware, exploits, kernel-mode threats, and more advanced subjects like process injection or anti-RE techniques are out of scope and will be the subject of future courses.
Alexey Kleymenov is a malware analyst and software engineer with 16+ years of practical reverse engineering experience at several international antivirus companies. He has taken part in numerous e-crime and targeted-attack investigations and has developed various systems for threat intelligence across both the traditional PC environment and the emerging IoT and OT areas. Alexey is a member of ISC2, holds the CISSP certification, and has authored several patents in these fields. He is the author of the book "Mastering Malware Analysis" and the founder of the "Reverse Engineering and More" project, which teaches people how to perform malware analysis.