APT Malware Analysis with Hands-On Labs

To stay close to a real-world environment, this course provides a Virtual Machine image that contains all of the required analysis tools and the related malware samples. Students perform static analysis, dynamic analysis and reverse engineering on the malware. Over the whole course, 10+ malware samples are analyzed with 10+ analysis tools.

The learning objective is malware analysis through 100+ hands-on labs:

  • Memory dump analysis to identify suspicious running processes, loaded DLLs and network connections
  • PE file static analysis with YARA and PEiD
  • Reverse engineering with IDA
  • Dynamic analysis with the Sysinternals tools
  • Manual analysis of suspicious obfuscated (encoded) JavaScript
  • Wireshark for network traffic analysis of APT malware
  • Open-source and cloud sandboxes for malware analysis
  • Hands-on tutorial analysis of malware samples such as Windows PE/EXE, DLL, SYS, PDF and HTML/JavaScript malware, captured PCAP files (network traffic), and memory dumps of infected APT hosts

Prerequisite

  • Windows XP virtual environment preparation
  • Basic understanding of the Windows OS and networking
  • Windows programming or a scripting language, e.g. Python/JavaScript

Evaluation

  • Attendance rate 50%
  • Homework / Lab 50%

Course Outline

Course Name: Malware Analysis with Hands-On Labs
Duration: 18 hours
Language: English
Target Audience: Attendees who may be interested in or involved with

  • Handling advanced threats, including targeted attacks and cyber threats
  • Analyzing malware behavior and performing root cause analysis
  • Open-source tools for analyzing malware activities

Agenda
Session 1
  • Malware Analysis Report
  • Anonymizing Activities
  • Malware Sources
  • Static PE file analysis with PEStudio, Strings, PEiD, YARA and TrID
  • Case Study: Static Malware Analysis Labs 01~03
Session 2
  • Cloud sandbox analysis
  • Case Study: FakeAV Downloader Analysis with Wireshark
  • Domain and IP analysis
  • Geo-mapping IP addresses with Python
  • Case Study: How to de-obfuscate JavaScript
Session 3
  • How to analyze a memory dump for malicious activities
  • Case Study: Memory dump analysis of infected APT hosts with Volatility
  • Case Study: Infected network APT downloader analysis with Wireshark
Session 4
  • Dynamic Malware Analysis with Sysinternals
  • Case Study: Dynamic & Static Malware Analysis Labs 04~15
  • Case Study: Dynamic & Static Malware Analysis Labs 08~15
