
Reverse Engineering & Malware Analysis

ABHISHEK DATTA

Trainer Name: Abhishek Datta
Title: Reverse Engineering & Malware Analysis
Duration: 2 Days

Objective

The objective of this program is to introduce participants who have basic knowledge of programming, debugging and x86 assembly language to the art of software reverse engineering and malware analysis. Various use cases for reverse engineering and malware analysis will be demonstrated with live examples during the session, in order to make the training practical and result oriented. The entire session focuses only on the Win32 platform; however, most of the techniques discussed are applicable to the Win64 platform as well, and some of them even to Linux and other operating system platforms. Multiple CTF-like challenges will be provided during the workshop to encourage participants to try out the various tools and techniques discussed during the session.

Course Content

  • Win32 Platform Overview
    • Platform Components Overview
    • Process Tracing and Analysis Tools
    • API Hooking Techniques
    • Debugging Tools for Windows
    • Scripted Debugging
  • PE File Format Overview
    • Headers, Sections, IAT, Exports, Relocation Table etc.
    • PE Loader Workflow
    • Custom PE Loader Development
  • x86 Assembly Language
    • Quick Introduction to x86 Architecture and Platform Components
    • x86 Assembly Programming Basics
  • Static Analysis using IDA Pro
    • Program Disassembly and Walkthrough
    • Control Flow Graph
    • Call Graph
    • Bypassing Anti-Disassembler Techniques
  • Dynamic Analysis
    • Sysinternals Suite
    • Win32 Debugging API
    • Scripted Debugging & Process Analysis
    • Dynamic Binary Instrumentation using PIN
  • Malware Analysis Techniques
    • Introduction to Malware Classes
    • Dynamic Analysis of Malware
    • Online Anti Virus Services
    • Malware Classification
    • Sandboxed Analysis
      • Sandboxie
      • Online Sandbox Services
    • Building your own Sandbox for Malware Analysis
    • Building a Malware Analysis Lab
  • Advanced Malware Analysis
    • Anti-Analysis Techniques
    • Unpacking Packed/Protected Executables
    • Rootkit Techniques
    • Rootkit Analysis using Live Memory Acquisition and Memory Forensics
    • File Format Exploit Analysis
  • Web Malware Analysis
    • Drive by Downloads
    • Analyzing Malicious Java Applets
    • Analyzing Malicious SWF Files
    • Analyzing JavaScript Malware

Who Should Attend?

  • Information Security Professionals
  • Anyone interested in Learning Malware Analysis Tools and Techniques
  • Anyone interested in building Professional Malware Analysis Infrastructure

Why attend?

Upon completion of this course, participants will be able to:

  • Understand Win32 Platform in greater detail and perform Runtime Process Analysis
  • Understand Portable Executable File Format
  • Develop expertise in Analyzing different classes of Malware
  • Develop expertise in building Malware Analysis Infrastructure

Prerequisites

  • Must have
    • Basic knowledge of C/C++ Programming
    • Basic knowledge of Perl/Python/Ruby Scripting
    • Basic knowledge of TCP/IP Networking
    • Familiarity with Virtual Machine Tools like VMware/VirtualBox
    • Familiarity with a Programmer's Text Editor (You MUST NOT code in Notepad)
  • Should have
    • Familiarity with x86 Assembly Language
    • Familiarity with Win32 Debuggers

What to Bring

  • Must have
    • Laptop with WiFi Support
    • Windows/Linux/OSX as base OS (preferably Ubuntu Linux)
    • Virtual Machines
      • Windows XP
      • Any Linux Distribution
    • Software (or Installers)
      • Ruby 1.9.x
      • Python 2.7.x
  • Should have
    • Malware Samples
    • Multiple Virtual Machines for Windows XP, Windows 7, etc.
    • Questions and Doubts

What to expect

  • An interactive hands-on training session with live examples
  • Lots of coding and debugging sessions

What not to expect

  • Programming Language Coaching
  • Anything not related to Reverse Engineering!

About the Trainer

Abhisek Datta is the Founder and Principal Consultant at 3S Labs, a security services startup based in Bangalore, India, specializing in vulnerability research and penetration testing services.

Previously he was employed with iViZ Techno Solutions Pvt. Ltd. as the Head of Research, where he was responsible for leading the Vulnerability Research Team and was also involved in security tools development. He has extensive experience in network and application penetration testing, exploit development, reverse engineering and malware analysis.

Some of his Open Source work is available at: https://github.com/abhisek/

Copyright © 2017-18 | Nullcon India | International Security Conference | All Rights Reserved