Malware Analysis – How to do it Right

Main Speaker:

Tracks:

After Event Workshops
Cyber

Seminar Categories:

After Event Cyber
After Event Workshops
Cyber

Course ID:

43770

Date:

13.07.2020

Time:

Daily seminar
9:00-16:30

Overview

This course introduces students to modern malware analysis techniques through readings and hands-on interactive analysis of real-world samples. After taking this course, students will be equipped with the skills to analyze advanced contemporary malware using both static and dynamic analysis.

Who Should Attend

  • Workers in the IT industry
  • Workers in the information security industry
  • Workers in SOC teams
  • Anyone interested in the information security industry
  • Anyone interested in investigating Windows malware

Prerequisites

  • Basic knowledge of the PC environment
  • Basic knowledge of the Windows OS environment

Course Contents

Module 1:

  • Malware Analysis Primer
    • Goals of Malware Analysis
    • Incident Response Role
    • Anti-Virus Signatures
    • Types of Malware and Definitions
  • Malware Extraction
    • Receiving it as a PCAP file
    • Receiving it as a memory image

Module 2:

  • Basic Static Techniques
    • Digital Signatures
    • Anti-virus Scanning
    • PE file
    • Strings, Functions and Headers
    • DLL Linking Methods
    • Packed Malware
  • Basic Dynamic Analysis
    • Configuring a Sandbox for Examination
    • Process Monitor
    • Process Explorer
    • Creating Fake Networking
    • Registry Analysis

Windows Host Forensics

  • Hash – digital signature
    • The use of hash for forensics
    • Different kinds of hash
  • Startup files
    • Msconfig
    • Autostart
    • Task manager
  • Mastering Windows tools
    • Chkdsk
    • Defragment
    • Task list
  • Formatting vs. wiping
    • Different methods and tools
    • Demo: a close-up look at drive formatting
  • Restoring files
    • Hard disk
      • Deleted files
      • Fragmented files
      • Hidden files
    • Memory
      • Extracting data from RAM
      • sys
      • Swap file
      • Registry files

DevGeekWeek 2020





By entering your email address, you agree that John Bryce training will use it for marketing purposes, emails and newsletter, as well as promotional offers and announcements, according to John Bryce training & Matrix group privacy policy. Your data will be saved in our computerized database, number 700019285. You can unsubscribe at any time by mailing infomail@johnbryce.co.il or by calling 03-7100777.