Course Description
Almost every incident response involves some Trojan, back door, virus component, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to determine the purpose of unknown code. This course provides a rapid introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable programs found on Windows systems. Students will learn to infer the functionality of a program by analyzing disassembly and by watching how it changes a system as it runs. They will learn how to extract investigative leads from host- and network-based indicators associated with a malicious program and how to identify specific coding constructs in disassembly. They will be taught the art of dynamic analysis, and they will be taught about several Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations, exercises where the students follow along with the instructor, and labs where the students practice what they have learned on their own.
What You Will Learn:
Who Should Attend the Class:
Information technology staff, information security staff, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in malware analysis.
What You Will Get:
Free Tools CD with course tools and scripts
Prerequisites
Nick Harbour is a Senior Engineer with Mandiant and is a well-known innovator in the field of computer security with over seven years' experience in computer forensics, network monitoring, and software development.
Prior to joining Mandiant, Nick spent two years as a government contractor engaged in technically challenging projects for a variety of government agencies. He is knowledgeable in many fields of government efforts and has worked in the intelligence, counterintelligence, military and law enforcement communities. During his former position within the Defense department, he wrote tcpxtract, a popular tool for extracting files from arbitrary network traffic.
Mr. Harbour is a former Computer Forensics Examiner for the Department of Defense Computer Forensics Laboratory (DCFL), where he was primarily involved in research and development and highly classified special projects and operations. During his four-year career at the DCFL, Mr. Harbour advanced the field of computer forensics by developing dcfldd, the popular imaging tool which revolutionized the way digital media is acquired, and fatback, a sophisticated file recovery tool and the only one of its kind to run under the Linux/Unix environment.
Mr. Harbour is a RedHat Certified Engineer and is also a member of the Association of Computing Machinery and the MENSA organization.
Early (ends May 1): $2000 USD
Regular: $2200 USD
Late: $2400 USD
Late/Onsite (begins August 1): $2700 USD