Training Malware Reversing Laboratory

Lee Ling Chuan (a.k.a lclee_vx)

This class focuses on advanced mechanisms for combating and defending
against malware that targets common platforms such as the Windows OS and
web browsers. Advanced and complex malware analysis techniques, including
anti-debugging, anti-analysis and more, will be introduced to guide
students when facing sophisticated malware.

First, students will arm themselves with critical skills in significant
debugger tools such as OllyDbg, WinDbg and IDA Pro to overcome challenging
and repetitive tasks. Students will also learn techniques for defeating
anti-debugging, packed, compressed and armored executables. In addition,
malware stealth techniques including API hooking, DLL injection and rootkit
technology will be discussed in the class. Hands-on exercises and labs on
several sophisticated specimens will be conducted throughout the course.



Day 1

1. Fundamentals
- Participants will go through all the basic concepts, such as assembly language, opcodes, the PE file format, etc.
- Debuggers: Immunity Debugger, WinDbg and IDA Pro (free version)
- Behavioral analysis
- Code analysis with IDA Pro, WinDbg and Immunity Debugger

2. Virus Reversing
Participants will need to understand virus code at the assembly-language level and develop their own virus. Topics include reverse engineering and analysis of the code flow, and how a virus infects files on the file system (encryption, prepending and appending to files, memory infection, etc.).

The virus code is highly restricted and used in the training only.

Day 2

1. Botnet Reversing
Participants will need to satisfy the requirements of the botnet and break into it (built in an isolated environment in the lab).

The bot sample is highly restricted and used in the training lab only.

2. Browser Malware Reversing
- Participants need to understand the combination of a browser exploit and its malware payload.
- Several tools will be introduced in the lab.

Day 3

1. Malicious Document Reversing
- Participants need to analyze Adobe Flash Player exploits and PDF exploits carrying a malware payload.
- Several tools will be introduced in the lab.

2. Kernel Debugging
- Participants learn how to connect WinDbg to the Windows operating system for kernel debugging.
- Hunting rootkits through WinDbg scripts and commands
- Introduction of a new tool by F-13 Labs, PyWinDbg, which is fully coded in Python.


@IT Security Conference in Paris
© Copyright 2012 | Design by YingZuckerberg | Powered by Blogger.com.