Malware authors sometimes take deliberate steps to thwart the reverse engineering of their malware. Students will learn to combat sophisticated malware head-on by studying common obfuscation techniques and will then be challenged to defeat several difficult hands-on labs. They will learn how to combat packing, anti-disassembly, anti-debugging and anti-virtual machine techniques. A practiced and robust skill set in Windows APIs and the Intel x86 architecture is required.
What You Will Learn:
- Hands-on malware dissection
- The art of malware analysis, not just running tools
- Strategies for unpacking malware
- How to analyze shellcode extracted from malicious documents
- How to script IDA Pro to help automate analysis
- How to defeat anti-reverse engineering techniques such as anti-debugging, anti-disassembly and anti-VM
- How to analyze malware that is covertly launched
- Common encoding and encryption techniques used by malware
Who Should Attend:
Intermediate to advanced malware analysts, information security professionals, forensic investigators, or others requiring an understanding of how to overcome difficult challenges in malware analysis.
Students must bring their own laptop with VMware Workstation, Server or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20 GB of free space.
A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.
Students who cannot meet the laptop requirements because of onsite registration or other reasons may contact MANDIANT at education@mandiant.com to see if a laptop can be provided for them.
Instructors will be determined and bios will be provided as we near the event; they will be drawn from the pool of seasoned instructors we use year after year.