Aug-On-Demand-Malware RE basic to Advanced.pdf

abhijitmohanta1 35 views 32 slides Aug 07, 2024

About This Presentation

Malware Reverse Engineering Training by Abhijit Mohanta


Slide Content

Malware Reverse Engineering: Beginner to Advanced
On-Demand Training
30,000 INR / 375 USD, excluding taxes
By Abhijit Mohanta, author of books
https://academy.intelliroot.com/
4-in-1 Malware Analysis Course:
1. Basic Malware Analysis
2. Reverse Engineering
3. Detection Engineering
4. Malware Development

About Trainer: Abhijit Mohanta
CTO and Co-Founder, Intelliroot
17+ years in the malware industry as a security researcher
2 books, 6 patents, multiple blogs, paper presentations at conferences
Development of Antivirus, Sandbox, EDR
Worked at McAfee, Symantec, Juniper Labs
Worked on malware analysis and detection, reverse engineering, and vulnerability research
Provided training at NASSCOM, DIAT (Defense Institute of Advanced Technology), AICTE
Spoke at various conferences: DSCI, AVAR, SANS, x33fcon, DMZCon

Testimonials from Students

Uniqueness
Beginner friendly
Quick recap of basic malware analysis
Detailed assembly instruction explanation with labs
Detailed Windows internals explanation with labs
Concepts explained with animations and custom samples
Covers the full diversity of Windows malware
Malware written in various programming languages: VC++, VB, Golang
Reverse engineering of ransomware, POS malware, rootkits
Learn to de-obfuscate and unpack malware
Learn to analyze a variety of techniques used in malware: anti-analysis techniques, API hooking, code injection, rootkits
Learn to use multiple RE tools: Ghidra, OllyDbg, x64Dbg, IDA Pro, Process Hacker
Close to 100 lab exercises
Approximately 40 hours of video

Student Material
One (1) year of access to the online videos of the course "Malware Reverse Engineering: Beginner to Advanced (On-Demand)" hosted on https://academy.intelliroot.com/
Malware samples provided
No PDFs will be provided
Doubt clearance sessions
Career guidance in malware analysis

Table Of Contents
Module 1. Introduction (1 hour)
The module covers malware analysis and the roles that require it.
The module covers the following topics:
Introduction
Lab setup

Module 2. PE file format (1.5 hours)
A portable executable has many fields which one must understand not only for basic analysis but also for complex concepts like hooking.
The module covers the following concepts:
PE file creation
PE file static attributes
PE file execution and its mapping into virtual memory
Important concepts in the PE file like VA, RVA, entry point, imports, exports
Different types of PE files
Difficulty level: beginner

Module 3. Windows Internals (45 minutes)
The module gives a high-level overview of the Windows operating system as required for malware analysis.
The module covers the following concepts:
Windows file system
Basic process internals like process virtual memory, handles, threads, thread context
Windows Registry
Difficulty level: beginner

Module 4. Basic Malware Analysis (45 mins)
This module serves as a quick review of both static and dynamic analysis methodologies, encompassing critical topics such as virtual memory analysis and API logging that are often overlooked by analysts. The module is also helpful for those who are completely new to malware analysis.
The module covers the following:
Malware analysis steps
Static analysis
File format identification
Use of Procmon
Virtual memory analysis and string extraction
API logging
Difficulty level: beginner

Module 5. Tools manual (2 hours)
Reverse engineering necessitates proficiency with a set of tools such as Ghidra, IDA, and x64Dbg. The module teaches the configuration and basic usage of all the tools.
The module covers the configuration and basic usage of the following tools:
Ghidra
OllyDbg
x64Dbg
IDA
API loggers
Others
Difficulty level: beginner

Module 6. Assembly instructions (4 hours)
Assembly language is always a hurdle for those who aspire to learn reverse engineering. The module has been specially designed for beginners so that they can learn assembly easily. The learning process has been smoothed with the help of animations and custom-tailored samples.
The module covers the following topics:
Computer architecture: code execution, instructions, registers, memory
Data movement instructions
String instructions
Arithmetic instructions
Control flow instructions
Function calls, parameters, stack
Memory layout of arrays, stacks, local variables
Calling conventions
Understanding instructions, opcodes
Difficulty level: beginner and intermediate

Module 7. Disassembly reading (1 hour)
The module focuses on reading disassembly and deriving meaning from it.
The module covers the following concepts:
Read code listings in a disassembler and debugger
Identify local variables, global variables
Identify functions, parameters
Identify arrays and structures
Identify complex data structures like arrays of structures and linked lists
Difficulty level: beginner, intermediate and advanced

Module 8 - Windows Internals part 1 - Windows API Internals (30 minutes)
Windows malware implements various malicious techniques with the help of APIs. As such, one needs to understand how to analyze the APIs. Understanding API internals also helps in understanding how detection techniques are developed and how malware evades detection.
The module covers the following concepts:
Referencing the API documentation
How to read API parameters
Analyze parameters passed as structures
API variations: NT versions, ASCII, Unicode
Understanding the API call flow from user mode to kernel, syscalls: a concept useful in analyzing malware, EDR bypass techniques, API hooking
Identifying API sequences in malware code to identify the techniques employed by malware
Difficulty level: beginner, intermediate and advanced

Module 9 - Windows Internals part 2 - Common API sequences in Malware (1 hour)
Covers commonly seen API sequences across all kinds of malware. Knowledge of commonly seen API sequences accelerates reverse engineering, as they are common across most malware and hence one does not need to re-analyse them.
The module covers the following concepts:
Process iteration
File iteration
API resolution
Resource extraction
Registry manipulation
Thread APIs
Difficulty level: beginner, intermediate and advanced

Module 10 - Windows Internals part 3 - Debugging DLLs, COM Objects, Services, PEB (1 hour)
Learn techniques to debug programs which cannot be debugged as straightforwardly as exe files.
The module covers the following concepts:
Debugging DLLs
Debugging COM objects
Debugging Windows services
Difficulty level: beginner, intermediate and advanced

Module 11 - Cryptography in Malware (1 hour 15 mins)
Cryptography is used in malware to hide its own data and, more popularly, in ransomware. Understanding the topic would help you to debug ransomware, which is covered in the Payload Analysis module.
The module covers the following concepts:
Understand and debug the Windows Cryptographic API
Identify crypto algorithms in malware
Difficulty level: beginner, intermediate and advanced

Module 12 - Compilers used by Malware (30 minutes)
Compilers play a critical role in generating both legitimate and malicious binaries. Compilers insert their own code into compiled binaries, which can be common to both malware and clean files. Hence analysts might end up analyzing the compiler code instead of the actual malicious code.
The module covers the following topics:
Identify the compiler used to write the malware
Identify the compiler stub
Identify main in VC++ binaries
Difficulty level: beginner, intermediate and advanced

Module 13 - Networking in Malware (1 hour 45 mins)
All kinds of malware use the network to communicate with the C&C and to exfiltrate data to the attacker.
The module covers the following concepts:
Basic concepts like network endianness and related APIs like htons
Understand socket APIs, HTTP APIs
Locating DGA algorithms
Identify lateral movement code in malware
Difficulty level: beginner, intermediate and advanced

Module 14 - Packers and Unpacking (3 hours)
Malware uses packers to protect executables from the static file detection used in antivirus. The packer hides the actual functionality of the malware. In order to understand the actual functionality of the packed malware, one needs to unpack it and extract the actual payload.
The module covers the following concepts:
Understand packers and the process of packing binaries
Steps and code involved in packed binary execution
Unconventional and undocumented ways to unpack malware
A systematic way to reverse packed binaries rather than just putting breakpoints on some APIs
Difficulty level: beginner, intermediate and advanced

Module 15 - Code Injection (2 hours)
Malware uses code injection to conceal its actual functionality by injecting code into clean processes. Code injection is further used in concepts like API hooking, which in turn is used by rootkits as well.
The module covers the following concepts:
Conventional code injection techniques like shellcode injection and DLL injection
Advanced techniques like thread hijacking, sections and views, process hollowing
Learn tricks to debug both the injector as well as the injected code
Difficulty level: beginner, intermediate and advanced

Module 16 - API Hooking (2.5 hours)
API hooking is a method to modify the functionality of a process by manipulating the API in memory. The concept is used by anti-malware software as well as by malware. API hooking is used by banking trojans and rootkits. In the module, one would understand the working of hooks and recognize them in disassembly.
The module covers the following concepts:
API hooking basics
Types of API hooks: inline hooking, IAT hooking, etc.
Identifying and debugging hooks
Banking trojan web injects and debugging of web inject malware
Difficulty level: beginner, intermediate and advanced

Module 17 - Rootkits part 1 - User Mode Rootkits (1 hour)
Malware uses rootkits to hide artifacts like files and processes. Rootkits can be user mode or kernel mode. The module covers the working of user mode rootkits and their analysis.
The module covers the following concepts:
Use of API hooks in rootkits
Disassembly analysis of a user mode rootkit
Difficulty level: intermediate and advanced

Module 18 - Rootkits part 2 - Kernel Driver Basics (15 mins)
Kernel mode rootkits are implemented using kernel drivers. The module explains the working of kernel drivers and teaches how to debug them. Only the basics are covered, which are enough to kickstart analysis of kernel drivers.
The following concepts are covered in the module:
Basic concepts of Windows drivers: driver objects
IRPs
IOCTLs
Driver installation
Difficulty level: basic and intermediate

Module 18 - Rootkits part 3 - Kernel Debugging (1 hour)
The module covers debugging a kernel rootkit, starting with the configuration of WinDbg for remote debugging and going through to debugging the driver code.
The module covers the following topics:
Configuring WinDbg for remote kernel debugging
Breaking at the entry point of kernel drivers
SSDT rootkit concept
DKOM rootkit concept
Debug a DKOM rootkit
Difficulty level: intermediate and advanced

Module 19 - .NET Reverse Engineering (1.5 hours)
A lot of malware today is known to use .NET. In this module one would learn various approaches to reverse engineer .NET malware.
The module covers the following concepts:
Basic working and analysis of .NET executables
Debugging .NET binaries
Unpacking and de-obfuscating .NET binaries
Use of tools like dnSpy, de4dot
Difficulty level: beginner, intermediate and advanced

Module 20 - VB Malware (30 mins)
Malware analysts might often encounter malware written in Visual Basic. In this module one would learn to analyse Visual Basic binaries.
The module covers the following concepts:
Basics of Visual Basic binaries
Reverse engineering Visual Basic binaries
Difficulty level: beginner, intermediate

Module 21 - Golang Malware RE (30 mins)
There is a growth in malware written in Golang. In this module one would learn to analyse Golang-compiled binaries.
The module covers the following concepts:
Basics of Golang binaries
Reverse engineering Golang binaries
Difficulty level: beginner, intermediate

Module 22 - Anti-Analysis / Evasion Techniques in Malware (1 hour)
Malware uses anti-analysis techniques to evade analysis and to evade security software like EDRs, antivirus and sandboxes. In this module one is going to learn about anti-analysis techniques and how to locate and bypass them.
The module covers the following concepts:
Anti-VM
API hashing
UAC bypass
Anti-debug
Sandbox evasion
EDR and endpoint evasion
Difficulty level: beginner, intermediate and advanced

Module 23 - Payload Analysis (2.5 hours)
There is a variety of malware today, including ransomware, stealers, wipers, POS malware, ATM malware, RATs, etc. The module helps you to understand this malware and the techniques used by it, which can be used to enhance detection features in anti-malware products.
The module covers the following topics:
Identification of ransomware techniques
Identification and analysis of keylogging code
Identification and analysis of stealer code targeting browsers
Identification of code related to taking screenshots, controlling the webcam, etc.
Identification of POS stealing code
Reverse engineer real ransomware, POS malware, RATs
Difficulty level: beginner, intermediate and advanced

Module 24 - Reverse Engineering Malicious Scripts and Documents (1 hour)
The module covers the analysis of malicious documents, including obfuscation techniques and de-obfuscating Word macros.
The module covers the following:
Obfuscation techniques
File formats of Word documents
VBA macros
De-obfuscating macros with the MS Office VBA debugger
Difficulty level: beginner, intermediate and advanced

Module 26 - Malware Development: Basic Level (25 minutes)
The module talks about writing malware using VC++. The module teaches how to write basic malware using VC++ and VB macros.
The module covers the following:
Coding a Word macro downloader
VC++ compiler settings for malware development
A VC++ downloader
Adding anti-debugging using inline assembly and the Win32 API
Packing the binary
C2 framework network communication
A basic shellcode injector
Difficulty level: beginner

Module 27 - Reverse Engineering Best Practices
The module summarizes the whole course.
The module covers the following:
Effectively using a virtual machine
Choosing tools
Combining features of tools
Accelerating reverse engineering