Friday, October 23, 2015

SANS FOR 610 - Reverse Engineering Malware mentor class in Budapest

I will mentor the SANS 610 - Reverse Engineering Malware class in Budapest, starting on the 19th of January, 2016. If you live in Budapest and want to take such a class, I highly recommend it, because this is a great course. Here are the details:

You Will Learn How To:

  • Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs.
  • Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment.
  • Uncover and analyze malicious JavaScript and VBScript components of web pages, which are often used by exploit kits for drive-by attacks.
  • Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis.
  • Use a disassembler and a debugger to examine the inner workings of malicious Windows executables.
  • Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst.
  • Recognize and understand common assembly-level patterns in malicious code, such as DLL injection and anti-analysis measures.
  • Assess the threat associated with malicious documents, such as PDF and Microsoft Office files, in the context of targeted attacks.
  • Derive Indicators of Compromise from malicious executables to perform incident response triage.
  • Utilize practical memory forensics techniques to examine the capabilities of rootkits and other malicious program types.

