MAx – Malware Analysis Expert

Overview:
Malware analysis from Orchidseven dives into the techniques and approaches used to reverse engineer and analyze a binary containing malicious code. But before we dive into the subject, the most important question to ask is: how can one analyze malware without knowing what goes into creating it?

For this very reason, the Orchidseven Malware Analysis workshop starts with the fundamentals of reverse engineering, followed by the creation of an actual malware sample and then the approaches for analyzing it. Filled with lots of practical labs, the session spans a full day and goes in-depth while keeping things simple enough to understand.

At the end of this workshop, you will be able to:

  • Gain hands-on experience in reverse engineering.
  • Understand malware and develop a simple malware sample.
  • Apply that knowledge and those techniques to malware analysis.

Attend this if:

  • You want a crash course in assembly language
  • You have always craved to learn the wonderful world of reverse engineering
  • You want to develop or code your own virus/malware for research
  • You aspire to advance your professional skills in security research and malware analysis
  • You want a strong foundation in exploit development and shellcoding

Duration: 16 hours (2 full days)

Prerequisites:
Anyone who understands programming

Course Content

Module 1 – Reverse Engineering Walkthrough

  • Assembly language introduction
  • Processor architecture
  • Registers
  • Memory layout
  • Stack & its operations
  • Assembly language syntax
  • Concept of functions and loops in assembly
  • Flag register & flow-control instructions
  • Compiling & building an assembly language application

Module 2 – Introduction to Win32 Programming

  • What is Win32 programming?
  • Concept of the PE file format
  • Concept of dynamic linking
  • Windows flat memory model
  • Common DLLs & Win32 functions

Module 3 – Introduction to Reverse Engineering

  • Concept of compilation
  • Concept of an executable
  • Concept of disassembling & debugging
  • PE header: in-depth
  • Introduction to OllyDbg
  • Advanced OllyDbg concepts
  • Introduction to IDA Pro
  • Setting breakpoints
  • Debugging an application
  • “Cracking” a demo application

Module 4 – Malware “Concept” Introduction

  • Introduction to malware
  • Various types of malware & the differences between them
  • Introduction to infection concepts
  • Common malware coding techniques
  • Introduction to polymorphism & encryption with respect to malware
  • Introduction to EXE packers/protectors
  • Detecting malware on a system

Module 5 – Coding a Malware

  • Planning & designing a malware sample
  • Choosing the right programming language & tools
  • Developing an algorithm
  • Coding the malware: step-by-step
  • Packing/protecting the malware
  • Testing the malware in a controlled environment

Module 6 – Malware Analysis

  • Introduction to malware analysis
  • Setting up the system for malware analysis
  • Passive analysis through disassembly
  • Step-by-step live analysis of malware
  • Reversing/unpacking the code
  • Reversing the algorithm
  • Finding the way to “disinfection”
  • Coding a simple tool to disinfect a system infected with that malware
  • Testing the tool

Certification:

Certification requires clearing the lab exam.