Introduction to Behavioral Malware Analysis

$2.00

Description

This malware analysis training leads students through the fundamentals of malware analysis, covering static and behavioral analysis of real-world malware attack scenarios. This hands-on course walks students through setting up a proper sandboxed environment well equipped for malware analysis. Participants in this five-day training session will come to understand the compilation process that turns human-readable code into compiled machine-readable code. Students will be exposed to numerous malware analysis tools and will use them to examine a variety of malware samples from across the malware spectrum. These samples range from specifically crafted malware that exhibits malware behaviors up through real-world malware used by Advanced Persistent Threats (APTs).

This course includes many hands-on labs for repeated practical demonstration of the skills learned. Lectures establish a baseline of the core concepts and are followed by hands-on labs in which students practice what they have learned. The course concludes with a capstone lab that combines all the skills and tools learned throughout the class, in which students demonstrate that they can conduct fundamental malware analysis, identify binary obfuscation, and report critical findings of interest.

Prerequisites

    • Basic technical writing skills
    • General knowledge of the Windows operating system, including a fundamental understanding of Windows processes, services, the registry, and the filesystem, as well as the OSI stack
    • Familiarity with VMware, hypervisors, and VirtualBox will be of great help
    • Installation, administration, and use of VMs
    • Creation of containers
    • The difference between a container and a VM
    • Exposure to C#, F#, Assembly, Natural, Python, JSON, Java, or any mainstream programming language is recommended
    • Fundamental understanding of cloud development and services
    • Understanding of DevSecOps
    • Understanding of DevOps pipelines

Learning Objectives

On completion of this course, students will be able to:

    • Set up a sandboxed environment for static and behavioral analysis of Windows portable executables
    • Compile basic C code from source to executable
    • Statically analyze suspected malicious Windows binaries (PE)
    • Identify behaviors typically exhibited by malicious Windows binaries (PE)
    • Identify standard packing and obfuscation techniques used by malware authors to disguise their purpose
    • Use basic unpackers to return binaries to their original de-obfuscated state
    • Report key findings from their malware analysis efforts

Duration

5 Days
