Presented By: Joxean Koret
This course provides practical knowledge and hands-on experience of basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers, making heavy use of IDA Pro.
This 2-day course will take place on the 11th & 12th March 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.
Learning Objectives
- Understand Windows fundamentals
- Develop reverse engineering skills
- Gain familiarity with standard tools like IDA and Volatility
- Reverse engineer real-world malware
Course Outline
Day 1:
- Introduction to malware
- Windows fundamentals
- Executable file formats (PE)
- Introduction to reverse engineering
- Introduction
- Tools & setting up a reverse engineering lab
- Brief introduction to graph theory
- Static Analysis: from C to assembler
- Manual Code reconstruction: from (any) assembler to C
Day 2:
- Unpacking
- Static unpacking
- IDAPython
- Hands-on with various malware samples
- Dynamic unpacking
- Manual reconstruction
- IDAPython batch automation
- Memory dumping and analysis with Volatility
Target Audience
Security staff working in, or looking to work in, blue teams on malware analysis, and those with a keen interest in reverse engineering but without the free time to dedicate to developing their skills.
Student Requirements
- Knowledge of C
- Knowledge of assembly language (x86, ARM, …) is advantageous but isn’t required
What to Bring
- A working laptop (no netbooks, no tablets, no iPads)
- Intel Core i3 (equivalent or superior) required
- 8GB RAM required, at a minimum
- Wireless network card
- 60 GB free hard disk space
- If you’re using a MacBook or MacBook Pro, please bring your dongles!
Software Requirements
- Ubuntu Linux installed either on the laptop or on a VM
- Microsoft Windows as a VM
- Legal version of IDA (7.0 or higher)
Students will be provided with
Copies of the course, including all exercises and virtual machine images used during the course.
About the Trainer
LEAD INSTRUCTOR – Joxean Koret @matalaz
Joxean Koret has been working for more than 15 years in many different computing areas. He started working as a database software developer and DBA for a number of different RDBMS.
Afterwards he became interested in reverse engineering and applied this knowledge to the databases he was working with, in which he has discovered dozens of vulnerabilities in products from the major database vendors, especially in Oracle software.
He has also worked in other security areas, such as malware analysis and anti-malware software development for an antivirus company, and on developing IDA Pro at Hex-Rays.