What to expect
Participants will spend lots of time in IDA, manually breaking down the flow of AMD64 assembly.
For those with no background in programming and/or little to no knowledge of Windows internals.
You will spend the first day participating in lectures and labs covering the safe handling of malware, basic static and dynamic analysis, the basics of x86 assembly, and Windows Internals. The second day you will be turned loose to reinforce and build upon what you learned by completing self-paced lessons, labs, and puzzles. These lessons will include topics such as writing malware signatures, identifying malware behavior, using a debugger, and analyzing malicious documents.
For those who have some foundational knowledge of programming and Windows internals.
For malware analysts or those who have already taken a course on malware analysis. Those who choose this track should have a strong knowledge of Windows internals and be comfortable working in Olly and IDA.
You will stick with the “Main” group for a brief lecture on the safe handling of malware, and then you’ll be turned loose with two labs to analyze. The first will be a lightly obfuscated sample from a basic, but prolific, APT family. The second will be heavily obfuscated malware from a highly skilled APT family.
Who should attend?
- Security Operations Center Staff
- Reverse Engineers
- Incident Responders
- Software Engineers
- System Administrators
Is this the right class for me?
Participants should have an understanding of assembly and computation (loops and conditionals). It will be very helpful to have written at least one program, even a very simple one.
Experienced analysts will find plenty to do in this class as well.
Whether you’re new to the field and want a high-level overview of malware analysis, or you’re an experienced analyst in search of some quality time with a fun sample, we’ve got you covered.