Efficient malware analysis: comprehensive approach

Alexey Kleymenov

Trainer Name: Alexey Kleymenov
Title: Efficient malware analysis: comprehensive approach
Duration: 3 Days
Dates: Sept. 6, 2022 To Sept. 8, 2022

TRAINING OBJECTIVES

With the increasing geopolitical tension and high reputational and financial risks associated with potential compromises, malware analysis becomes more and more in demand. While it is possible in some cases to get a basic understanding of malware capabilities using behavioral analysis, it will show at best only part of the picture. In this course, we are going to follow the comprehensive approach covering the fundamental prerequisites before diving deep into all the nuances of static and dynamic analysis of various types of Windows executables operating in user mode so that it can be done fast and efficiently with nothing missed. During the course, we are going to work with real malware samples of various complexity.

Training level: Basic;Intermediate ;Advanced

TRAINING PREVIEW:

From zero to hero with no shortcuts: start dissecting malware like a pro!

TRAINING OUTLINE:

Day 1: Fundamentals: x86 platform & Windows executables

Day 2: Level up: unpacking & decryption

Day 3: Beyond assembly: VB & .NET-based threats

WHAT TO BRING?

Laptops capable of running VirtualBox VM (at least 4 Gb of RAM and plenty of disk space) and VirtualBox software installed
The VM will be provided, it needs to be downloaded IN ADVANCE as its size is several gigabytes
Account on VirusShare service to download lab and homework samples, follow https://virusshare.com/about steps to obtain a free account there

TRAINING PREREQUISITES:

The course is designed to suit all levels of expertise, from complete beginners to mature reverse engineers who want to level up and fill in potential gaps in their knowledge. Some prior knowledge of informatics, C programming, or reverse engineering will help speed up the process but is not obligatory.

WHO SHOULD ATTEND?

Students who want to enter the cybersecurity field, malware analysts, SOC analysts, incident responders, or anyone who is interested in malware analysis.

WHAT TO EXPECT?

By the end of the course, you should become able to confidently analyze various types of Windows executables of pretty much any level of complexity.

WHAT ATTENDEES WILL GET?

A virtual machine set up to analyze malware safely with all the required software pre-installed there

WHAT NOT TO EXPECT?

Because the course duration is only 3 days, we won't be able to cover absolutely all possible aspects of Windows malware including but not limited to script- or macro-based malware, exploits, kernel-mode threats, or more advanced topics like process injections or anti-RE techniques, these will be subject of future courses.

About Trainer

Alexey Kleymenov is a malware analyst and a software engineer with 14+ years of practical reverse engineering experience at several international antivirus companies. He took part in numerous e-crime and targeted attack-related investigations, and developed various systems to perform threat intelligence across both the traditional PC environment and the emerging IoT and OT areas. Alexey is a member of the ISC2 organization holding the CISSP certification and authored several patents in these fields. Finally, he is an author of the "Mastering Malware Analysis" book and a founder of the “Reverse Engineering and More” project teaching people how to perform malware analysis.