Abstract

  1. Overview

We are conducting a n|u Humla session at Pune on "Malware Analysis". This quick one-day session will help beginners build a base foundation in malware analysis. It will be a completely hands-on workshop in which attendees perform the analysis themselves and learn to analyze malicious programs. The analysis platform will be Windows, and the samples will be Windows-based malware. The session assumes attendees have little or no prior experience in the subject.

  2. Agenda
    i. Some background on the Windows programming model
    a. Basics of Windows programming using C/C++, and the compilation/build process.
    b. Basics of Windows OS architecture.
    c. Basics of Intel x86 assembly: instructions and common code patterns.

    ii. Discussion on the "malware analysis approach"
    a. Analysis based on the "properties" and "behaviour" of a computer program.
    b. Techniques used to analyze behaviour: static code analysis and dynamic code analysis.
    c. Some thoughts on "emulator-based automated malware analysis".

    iii. Introduction to the required toolset
    a. Intro to PE/hex editors
    b. Intro to disassemblers and debuggers
    c. Intro to the SysInternals toolset
    d. Intro to sandboxes

    iv. Setting up an analysis lab
    a. Discussion on building a safe analysis lab with the required toolkit
    b. We shall be distributing VMs with the tools installed.

    v. Case study: malicious backdoor
    a. Hands-on analysis of a live malicious Windows backdoor and a DoS (Denial of Service) malware sample
    b. Analyze technical details
    c. Debug and trace behaviour in a protected environment
    d. Capture and analyze network activity

  3. Prerequisites

    • General knowledge of computer and operating system fundamentals is required.
    • Some exposure to programming in x86 assembly and C is required.

  4. What to Bring?

    • Laptop with admin rights.
    • VMware Player or VirtualBox installed.

Speaker

Krishs

DebugBreak();

Timing

Starts on Saturday, July 25 2015, at 10:10 AM. The session runs for about 6 hours.

Resources