Advanced Reverse Engineering Malware Training

Commitment 4 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8
Price REQUEST
Delivery Options Instructor-Led Onsite, Online, and Classroom Live

COURSE OVERVIEW

Because modern malware makes heavy use of sophisticated obfuscation, an expert malware reverser needs specific skills in deconstructing the x86 assembler obfuscation tricks that malware employs. This four-day Advanced Reverse Engineering Malware Training course bridges the gap between reversing "vanilla" compiler-generated code and the nontrivial, complex code created by expert malware authors.

Modern malware typically is developed with some measure of Command and Control (C&C) communication capabilities. The C&C protocol can be used to maintain a botnet, deliver package updates, send commands, and steal data from compromised machines. Understanding and reversing the underlying C&C protocol is essential to understanding the intention, functionality, and potentially the identity of the malware author. In the Advanced Reverse Engineering Malware Training course, you will learn how to reverse these C&C protocols from live malware examples that are currently in circulation.

Reversing obfuscated malware in some cases must be done programmatically. This requires you to understand how to use specialized plugins for IDA as well as other malware-specific tools in order to de-obfuscate various portions of the code under analysis. In other cases, hours or days of manual work can be saved by learning the proper use of a specific reversing tool.

WHAT'S INCLUDED?
  • 4 days of Advanced Reverse Engineering Malware Training with an expert instructor
  • Advanced Reverse Engineering Malware Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee

ADDITIONAL INFORMATION

COURSE OBJECTIVES

Upon completing this Advanced Reverse Engineering Malware Training course, learners will be able to meet these objectives:

  • Malicious document analysis
  • Extracting and analyzing embedded shell scripts from documents
  • Manually unpacking obfuscated malware
  • Methods for Analyzing and Defeating Armored Malware
  • Advanced Rootkits, DLL, and Windows Services
  • Advanced Anti-Reversing Malware
CUSTOMIZE IT
  • We can adapt this Advanced Reverse Engineering Malware Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Advanced Reverse Engineering Malware course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Advanced Reverse Engineering Malware Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Advanced Reverse Engineering Malware course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Advanced Reverse Engineering Malware Training course:

  • IT professionals involved with information system security, computer forensics, and incident response
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Advanced Reverse Engineering Malware Training course are:

  • Firm understanding of the Windows Operating System
  • Firm understanding of computer architecture concepts
  • Grasp of the TCP/IP protocols
  • Experience with Reverse Engineering or current CREA certification holder
  • Completion of the Reverse Engineering Malware Training course

COURSE SYLLABUS

Day 1

These are some of the reverse engineering concepts you will learn to master during this Advanced Reverse Engineering Malware Training course.

Microsoft Office Malicious Documents
  • The instructor will demonstrate methods and techniques for manually analyzing malicious documents without running them against the vulnerable version of MS Office they target.
  • Samples of malware
Adobe PDF Malicious Documents
  • Methods and techniques for manually analyzing these malicious documents without running them against the vulnerable version of Adobe Reader they target
  • PDF samples targeting current vulnerabilities, analyzed using tools

The scenario for the day: relevant and challenging malware samples from which you must extract the executables embedded in MS Office and Adobe PDF files.

Day 2
Manually Unpacking Obfuscated Malware
  • The instructor will describe and demonstrate situations where a malware analyst's tools break and automatic unpacking fails
  • Analyze a packed executable that breaks when run through an automatic malware unpacker
  • Manually unpack and restore the original executable
  • Students will be given a modified version of other real-world packers
  • Tools used
  • Relevant and challenging malware
Day 3
Methods for Analyzing and Defeating Armored Malware
  • Common anti-debugging techniques used by malware authors to detect whether or not they are being analyzed
  • Common anti-reversing techniques used by malware authors to confuse the analyst and increase the difficulty of the RE process
  • Analyze and bypass anti-debugging checking routines to get the executable to completely unpack
  • Combine lessons learned from day 2 to manually unpack and restore the original executable and then defeat the anti-debugging routines.
  • Analyze a sample making use of many popular anti-reversing techniques
  • Combine lessons learned from days 1, 2, and 3 to manually unpack and restore the original executable, defeat the anti-debugging routines, and finally defeat anti-reversing routines
  • Relevant and challenging malware
Day 4
Rootkits, DLLs, and Windows Services
  • Reversing Windows rootkits
  • Detect interrupt table hooks and SSDT hooks
  • Inspecting NDIS chains to find backdoor TCP/IP stacks
  • Loading DLLs and DLL Exports
  • Windows Kernel data structures and what they mean
  • Reversing DLLs
  • Windows DLLs
  • Windows Services
  • Windows Services structures
  • Service installation and execution routines
  • Service Lifetime
Conficker and Relevant Samples
  • Manually unpack and restore the original executable
  • Defeat the anti-debugging routines
  • Defeat anti-reversing routines
  • Develop network signatures
Advanced Reverse Engineering Malware Training Course Recap, Q/A, and Evaluations
