Advanced Malware Analysis Using Responder Professional

HBGary


July 24 - 27

USA 2010 Weekend Training Session // July 24-25

USA 2010 Weekday Training Session // July 26-27


Overview:

This hands-on course provides advanced coverage of HBGary Responder for live memory analysis, incident response, and binary forensics. Participants use Responder in real-life scenarios to obtain and analyze a variety of digital evidence from suspect machines. They also extract binaries from memory images and analyze them graphically to quickly ascertain malicious capabilities and appropriate response strategies.

Key Learning Objectives:

  • Identify, diagnose and triage malware
  • Utilize methods to search memory heaps and stacks for evidentiary artifacts
  • Utilize advanced techniques to capture transient code and data using Responder Professional
  • Identify malware anti-detection techniques
  • Successfully reverse engineer Level III and IV malware

Course Outline:

Day 1

  • Introduction to HBGary Responder™ Professional interface and panels (2 hours – 1 hour lecture / 1 hour hands-on lab)
  • DDNA panel (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • Difficulty levels of reverse engineering (I – IV) (30 minute lecture)
      • I – Recovery of a single string/symbol
      • II – Requires only a single-point RE of an API call
      • III – Requires RE of a set of functions and branches
      • IV – Algorithm reconstruction and programming skills
  • RE of Browser Hijacking and Bank Information Stealers (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of Data Exfiltration (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of Data Loops (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of DDoS Attacks (1 hour – 30 minute lecture / 30 minute hands-on lab)

Day 2

  • RE of Command Parsers (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of Cryptography and Steganography (2 hours – 1 hour lecture / 1 hour hands-on lab)
  • RE of Basic CNA (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • Identifying Malware Development Factors (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of Anti-debugging and Packing (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • RE of Hooking and Stealth (1 hour – 30 minute lecture / 30 minute hands-on lab)
  • Scripting Exercise using Responder Professional (1 hour – 30 minute lecture / 30 minute hands-on lab)

Teaching Methods:

Lecture, hands-on labs, demonstrations

Prerequisites:

Basic computer skills

Who Should Attend:

  • Owners of HBGary Responder who want to increase their effectiveness with the tool
  • System administrators and incident-handling personnel who are trying to further their knowledge in the latest forensic techniques
  • Anyone who wants to understand the technical side of incident response and memory forensics
  • Anyone who wants to learn how to collect evidence and analyze live Windows systems

What to Bring:

Nothing

What You Will Get:

One licensed copy on CD (expires 8/1/2011) of HBGary Responder Professional per student

Trainers:

Greg Hoglund has been a pioneer in the area of software security. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding www.rootkit.com in the process. Greg went on to co-found Cenzic, Inc. (cenzic.com), through which he orchestrated numerous innovations in the area of software fault injection. He holds two patents. Greg is a frequent speaker at Black Hat, RSA and other security conferences. He is co-author of Exploiting Online Games (Addison Wesley 2007), Rootkits: Subverting the Windows Kernel (Addison Wesley 2005) and Exploiting Software: How to Break Code (Addison Wesley 2004).


Jim Richards brings 10 years of training development and delivery experience to HBGary. Jim spent 10 years at Hewlett-Packard in a variety of training roles from training content development to customer on-site training delivery. He led the worldwide training development efforts for the HP StorageWorks XP Disk Array family product introductions, along with managing the XP Disk Array training curriculum portfolio development for Field and Presales engineers.


Phil Wallisch has over 10 years of security industry experience. He has extensive experience in network-based security solutions, Unix host security, and malware analysis. He started his career doing Unix system administration for various government contractors and designing layer-three networks for Kaiser Permanente. He then spent five years at Neustar performing internal investigations, DDoS mitigation, threat research, and security operations. Most recently, Phil was a Senior Associate in the security consulting practice at PricewaterhouseCoopers, where he performed penetration testing and incident response engagements. Currently Phil is Senior Security Engineer at HBGary, where he delivers training, performs malware research, and supports customers.




Pricing:

  • Super Early (ends Apr 1): $3200
  • Early (ends May 15): $3400
  • Regular (ends Jun 15): $3600
  • Late (ends Jul 23): $3800
  • Onsite: $4100