What to expect
Audience
- Security Operations Center Staff
- Reverse Engineers
- Incident Responders
- Software Engineers
- System Administrators
Applicability
Objectives
- Understand the structure of a PE header
- Know how binary executables are loaded into memory and executed
- Know how to use static analysis tools on executables
- Know how to use dynamic analysis tools on executables
- Trace program flow in an executable
- Locate the key sections of a program and label what is found there to better understand its purpose
- Modify executables in memory to alter their behavior
- Create indicators of compromise based on key code blocks
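The first two objectives above, reading a PE header and understanding how the loader maps a file into memory, are demonstrated by the following Python example. It is an added illustration, not course material: it uses only the standard library, and the PE image it parses is constructed inline (a minimal 64-bit console image with a `.text` and a `.data` section) rather than taken from any real binary. The bounds checks on `e_lfanew`, `SizeOfOptionalHeader`, the section count and `SizeOfRawData` are there deliberately, since malformed headers are exactly what a sample may use to break naive tooling.

```python
"""Parse a PE image header by header: DOS header -> PE signature -> COFF file
header -> optional header (PE32 or PE32+) -> section table, then map RVAs back
to file offsets.  Standard library only; the sample image is constructed."""
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
DLL_CHARS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE (ASLR)",
             0x0100: "NX_COMPAT (DEP)", 0x0400: "NO_SEH", 0x4000: "GUARD_CF"}
SEC_EXECUTE, SEC_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / _WRITE


def parse_pe(data: bytes) -> dict:
    """Return the header fields an analyst checks first; raise on a malformed image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt + opt_size > len(data):
        raise ValueError("optional header out of range")
    magic, = struct.unpack_from("<H", data, opt)
    entry_point, = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:                                # PE32: 32-bit ImageBase at +28
        image_base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                              # PE32+: 64-bit ImageBase at +24
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # From SizeOfImage (+56) onward PE32 and PE32+ share the same layout.
    size_of_image, size_of_headers, _, subsystem, dllc = struct.unpack_from("<IIIHH", data, opt + 56)
    sec_tab = opt + opt_size
    if nsec > 96 or sec_tab + 40 * nsec > len(data):  # 96 sections is the loader's limit
        raise ValueError("section table out of range")
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_tab + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"), "chars": chars,
            "va": va, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size,
            "truncated": raw_ptr + raw_size > len(data),          # claims bytes the file lacks
            "wx": bool(chars & SEC_EXECUTE and chars & SEC_WRITE),  # writable+executable: packer smell
        })
    return {"machine": MACHINES.get(machine, f"{machine:#x}"), "magic": magic,
            "entry_point": entry_point, "image_base": image_base,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "subsystem": subsystem,
            "dll_characteristics": [n for bit, n in DLL_CHARS.items() if dllc & bit],
            "sections": sections}


def _section_for(pe: dict, rva: int):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def entry_section(pe: dict):
    """Name of the section holding AddressOfEntryPoint; None if it lies outside every section."""
    s = _section_for(pe, pe["entry_point"])
    return s["name"] if s else None


def rva_to_offset(pe: dict, rva: int):
    """File offset backing an RVA, or None when no bytes on disk back it."""
    if rva < pe["size_of_headers"]:
        return rva                                    # headers are mapped 1:1 at ImageBase
    s = _section_for(pe, rva)
    if s is None:
        return None
    off = rva - s["va"]
    return s["raw_ptr"] + off if off < s["raw_size"] else None  # past raw data: loader zero-fills


def build_sample_pe() -> bytes:
    """Constructed minimal 64-bit console image with .text and .data (not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C points to 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0x200, 0x200, 0, 0x1000, 0x1000,  # magic ... EntryPoint, BaseOfCode
                      0x140000000, 0x1000, 0x200,                    # ImageBase, SectionAlign, FileAlign
                      6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0,          # versions, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0x8160,                                     # Subsystem CUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # stack/heap, 16 empty dirs
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x10, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + coff + opt + secs).ljust(0x200, b"\0")
    text = b"\xC3".ljust(0x200, b"\xCC")                # ret, padded with int3
    return headers + text + b"hello\0".ljust(0x200, b"\0")


if __name__ == "__main__":
    img = build_sample_pe()
    pe = parse_pe(img)
    print(f"{pe['machine']} ImageBase={pe['image_base']:#x} EntryPoint RVA={pe['entry_point']:#x} "
          f"in {entry_section(pe)}; mitigations: {', '.join(pe['dll_characteristics'])}")
    for s in pe["sections"]:
        print(f"  {s['name']:<8} VA={s['va']:#07x} raw={s['raw_ptr']:#06x}+{s['raw_size']:#x}"
              + ("  W+X!" if s["wx"] else ""))
    print(f"byte at entry point: {img[rva_to_offset(pe, pe['entry_point'])]:#04x}")
```

Running it prints the machine type, the section containing the entry point, the mitigation flags decoded from `DllCharacteristics` (ASLR, DEP, high-entropy VA), the section table with a warning on any writable-and-executable section, and the first byte found at the entry point once the RVA has been translated to a file offset. `parse_pe()` accepts any on-disk PE read as bytes; the same RVA-to-offset mapping is what you do by hand when a debugger shows you an address and you want the corresponding bytes in the file.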
Typical Agenda
Setup
We recommend you begin configuring your VM early, allowing time for things to go wrong. We strongly recommend VMware Workstation Pro (Windows and Linux) or VMware Fusion (OS X). You can try either free for 30 days, though you’ll likely want a license if you’re going to analyze malware regularly. VMware Workstation Player will not suffice: the class depends on taking a clean snapshot before each sample is run and reverting to it afterwards, and Workstation Player cannot create snapshots. The instructors will not be prepared to troubleshoot issues on any platform other than the recommended ones.