applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Introduction to Malware Analysis

Register for March 2-3 Course:
Introduction to Malware Analysis

Advanced Malware Deobfuscation

Register for March 4-5 Course - Advanced Malware Deobfuscation

Register for both Courses

Intro and Advanced Malware Courses

Instructor(s):
Jason Geffner
Scott Lambert

Description

Security researchers are facing a growing problem in the complexity of malicious executables. While dynamic black-box automation tools exist to discover what malware will do on a given execution, it is often important for an analyst to know the full capabilities of a given malware sample. What port does it listen on? What password does it expect for backdoor access? What files will it write to? What will it do tomorrow that it didn't do today?

This class will focus on teaching attendees the steps required to understand the functionality of given malware samples.

This is a hands-on course. Attendees will work on real-world malware through a series of lab exercises designed to build their expertise in understanding the analysis process.

Key Learning Objectives:

General Learning Objectives:

Course Style:

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

What to Bring:

Attendees must bring their own laptop with a 32-bit version of Microsoft Windows XP SP2 or greater, Microsoft Windows Server 2003, or Microsoft Windows Vista installed inside of a virtual machine (such as Microsoft Virtual PC 2007 or VMware Workstation). The host machine should be configured to access the internet via conference-provided wireless or wired internet access. Attendees are expected to have the following software installed in a virtual machine prior to the first day of the course

Prerequisites

Attendees should be comfortable in the Windows environment.

Materials

Attendees will be presented with the following materials to be used and referenced throughout the duration of the course:

Course Schedule:

Day One
Day Two