I will mentor the SANS 610 - Reverse Engineering Malware class in Budapest, starting on the 19th of January, 2016. If you live in Budapest and want to take such a class, I highly recommend it, because this is a great course. Here are the details:
https://www.sans.org/mentor/class/for610-budapest-19jan2016-csaba-fitzl
You Will Learn How To:
- Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs.
- Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment.
- Uncover and analyze malicious JavaScript and VBScript components of web pages, which are often used by exploit kits for drive-by attacks.
- Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis.
- Use a disassembler and a debugger to examine the inner workings of malicious Windows executables.
- Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst.
- Recognize and understand common assembly-level patterns in malicious code, such as DLL injection and anti-analysis measures.
- Assess the threat associated with malicious documents, such as PDF and Microsoft Office files, in the context of targeted attacks.
- Derive Indicators of Compromise from malicious executables to perform incident response triage.
- Utilize practical memory forensics techniques to examine the capabilities of rootkits and other malicious program types.