Training

Malware Analysis Training

Malware Analysis Training aims to enable participants to determine the objectives of malware specimens and to examine their hiding, evasion, persistence and propagation methods. The training covers static and dynamic analysis methods at both basic and advanced levels.

Training Details

Although basic reverse engineering knowledge is included in our malware analysis training, participants will benefit more from the training if they have prior knowledge of basic reverse engineering and shellcode development techniques.

  • Malware behaviors
    • File download and launching
    • Backdoor services
    • Stealing access credentials
    • Persistence mechanisms
    • Covering tracks
  • Basic static analysis
    • String search
    • PE file format
    • Imported API functions
    • Packed / encoded malware
  • Use of virtual machines in malware analysis
    • Virtual machine configuration and taking snapshots
    • Malware that detects virtual machines
  • Basic dynamic analysis
    • Use of sandbox environments
    • Monitoring software activity with Process Monitor
    • Analysis of network communication with Wireshark
    • Diffing the registry before and after execution
  • Advanced static analysis
    • Introduction to the x86 architecture
    • Fundamental assembly instructions
    • Stack organization
    • Calling conventions
    • Disassembly and navigation with IDA Pro
    • Windows APIs (file system, network, registry access functions)
    • Using native APIs
  • Advanced dynamic analysis
    • Debugging at assembly level
    • Debugger usage (step-by-step operation, unconditional and conditional breakpoint definition, etc.)
    • Interruption of the application flow with the debugger
    • Tracing application flow with OllyDbg
  • Methods for running hidden malware
    • Process injection methods (DLL injection, direct injection)
    • Hook injection methods
  • Anti-reversing methods
    • Methods to reduce code readability
      • Basic encoding methods (XOR, Base64)
      • Encryption algorithms
      • Decoding
      • Packers and unpacking
    • Anti-disassembly methods
      • Defeating the disassembly algorithms
      • Obscuring application control flow
    • Anti-debugging methods
      • Debugger existence detection methods
      • Debugger behavior detection methods
      • Methods malware uses to evade debuggers
    • Methods of detecting the use of virtual machines
  • Shellcode analysis
  • Analysis of code compiled with a C++ compiler

Duration: 2 Days

Location: Istanbul

  • All participants are entitled to a CERTIFICATE OF PARTICIPATION
  • Participants who successfully complete the assessment exam / CTF cases are entitled to the TRAINING CERTIFICATION