Malware Reverse Engineering

Presented By: Joxean Koret

This course provides effective knowledge and hands-on experience of basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers, making heavy use of IDA Pro.

This 2-day course will take place on the 11th & 12th March 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.

Learning Objectives

  • Understand Windows fundamentals
  • Develop reverse engineering skills
  • Gain familiarity with standard tools like IDA and Volatility
  • Reverse engineer real-world malware

Course Outline

Day 1:

  • Introduction to malware
  • Windows fundamentals
  • Executable file formats (PE)
  • Introduction to reverse engineering
  • Introduction
  • Tools & setting up a reverse engineering lab
  • Brief Introduction to Graph theory
  • Static Analysis: from C to assembler
  • Manual Code reconstruction: from (any) assembler to C

Day 2:

  • Unpacking
  • Static unpacking
  • IDAPython
  • Hands-on with various malware samples
  • Dynamic unpacking
  • Manual reconstruction
  • IDAPython batch automation
  • Memory dumping and analysis with Volatility

Target Audience

Security staff working in, or looking to work in, blue teams on malware analysis, and those with a keen interest in reverse engineering but without the free time to dedicate to developing their skills.

Student Requirements

  • Knowledge of C
  • Knowledge of assembly language (x86, ARM, …) is advantageous but isn’t required

What to Bring

  • A working laptop (no Netbooks, no Tablets, no iPads)
  • Intel Core i3 (equivalent or superior) required
  • 8GB RAM required, at a minimum
  • Wireless network card
  • 60 GB free hard disk space
  • If you’re using a MacBook or MacBook Pro, please bring your dongles!

Software Requirements

  • Ubuntu Linux installed either on the laptop or on a VM
  • Microsoft Windows as a VM
  • Legal version of IDA (7.0 or higher)

Students will be provided with

Copies of the course, including all exercises and virtual machine images used during the course.

About the Trainer

LEAD INSTRUCTOR – Joxean Koret @matalaz

Joxean Koret has been working for more than 15 years in many different computing areas. He started working as a database software developer and DBA for a number of different RDBMS.

Afterwards he became interested in reverse engineering and applied this knowledge to the databases he was working with, in which he has discovered dozens of vulnerabilities in products from the major database vendors, especially in Oracle software.

He has also worked in other security areas, such as malware analysis and anti-malware software development for an antivirus company, and developing IDA Pro at Hex-Rays.

Book your 44CON Spring 2019 training course now!