Behavioral Malware Analysis teaches you all the fundamental skills necessary to analyze malicious software from a behavioral perspective. Using system monitoring tools and analytic software, this course teaches how to observe malware in a controlled environment and quickly analyze its malicious effects on the system. From simple keyloggers to massive botnets, this class covers a wide variety of current threats from today's internet, with actual samples being analyzed in the training environment. With the majority of the class being hands-on, each student will be issued a computer with a secure environment in which to learn the skills and essential methodologies required to be an effective malware analyst.
Course Overview
CLASS INFORMATION
Price: $4,500
Duration: 5 days
- How to identify malware and discover its capabilities
- How to set up a secure lab environment to analyze malicious software
- How to use free tools to characterize malware samples quickly
- Obfuscation methods used by attackers to escape detection
DAY 1:
Malware Analysis
- Static Analysis
- Dynamic/Behavioral Analysis
Malware Overview
- Definition of Malware
- Malware Intentions and Motivations
- Malware Types
- Virus
- Worm
- Backdoor
- Trojan
- Malicious Mobile Code
- User-Mode Rootkit
- Kernel-Mode Rootkit
- Combination Malware
- Vulnerabilities
- Malware threats research websites
- Technologies to fight Malware and their limitations
- Intrusion Detection Systems
- Intrusion Prevention Systems
- Anti-Virus Software
Windows Internals for Behavioral Analysts
- Windows API
- Common Libraries
- Building An Analysis Environment
Behavioral Analysis Process (BA)
- Understanding The Process
- Knowing Your Goals
BA Tools of the Trade
- VMware Workstation
- Sysinternals Suite
- Regshot
- ApateDNS & Fakenet
- Wireshark
- PEID & PackerBreaker
- Process Hacker
DAY 2:
Baselining
- Why Baseline a System
- The Windows Registry
- Baselining Tools
Document-Embedded Malware
- How To Embed a Document
- Hijack Scenario
- Macro Viruses
- Melissa Virus Case Study
Adware, Spyware, and Ransomware
Botnet Malware
- Definition of a Bot
- Botnet Communication Architecture
- Setting Up and Using IRC For Command and Control
DAY 3:
KeyLoggers
- Purposes
- Keylogger types
- Hardware vs Software
- Remote Access Keyloggers
- Sniffers
Malicious Mobile Code (Interactive Web Apps)
- Definition of Malicious Mobile Code
- Attack Vectors
- Reducing Risk of MMC Attacks
Backdoors
- Common Backdoor Types
- Propagation Methods
- Persistence Methods
- Finding Backdoors
Trojan Horses
- Definition of a Trojan Horse
- Backdoor vs Trojan Horse
- Trojan Horse Infection Methods
Advanced Persistent Threat (APT)
- Definition of APT
User-Mode Rootkits
- Definition of a Rootkit
- Benefit of Rootkits for Attackers
- Kernel- vs User-Mode Rootkits
- Detection Methods
DAY 4:
Drop and Execute Malware
- Dropper vs Injector
VMWARE Detection
- Why Malware Performs VMware Detection
- Honeynets and Honeypots
- Methods of VM Detection
Destructive Malware
CHM Malware
- Normal CHM File Usage
- Advantages and Disadvantages of CHM Files
PDF Malware
Kernel-Mode Rootkits
DAY 5:
Student Practical
DAY 1:
- BA Process Lab 1
- BA Process Lab 2
- BA Process Lab 3
- Day 1 Scenario
DAY 2:
- Document-Embedded Malware 1
- Document-Embedded Malware 2
- Spyware Sample
- Ransomware Sample
- IRC Bot Sample
- Day 2 Scenario
DAY 3:
- Keylogger Sample
- MMC Implant Sample
- Backdoor Sample
- Trojan Horse Sample 1
- Trojan Horse Sample 2
- Day 3 Scenario
DAY 4:
- Drop & Execute Sample
- Anti-analysis Sample
- Destructive Sample
- CHM Sample
- PDF Sample
- Day 4 Scenario
DAY 5:
- Day 5 Practical
- Thorough understanding of Microsoft Windows
- Basic understanding of operating system internals
- Experience with VMware software, although not required, would be beneficial
- Knowledge of networking protocols and Wireshark filtering is recommended but not required
- Threat operation analysts seeking to have a better understanding of malware
- Incident responders who need to quickly address a system security breach
- Forensic investigators who need to identify malicious software
- Individuals who have experimented with malware analysis and want to expand their malware analysis techniques and methodologies