HackLab: Malware Analysis
In three days from the basics of malware analysis to reverse engineering of the more advanced types of malware
Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Malware poses a large risk to an organization and having theoretical knowledge on this matter is not enough anymore. Hands-on experience is required on how to discover, analyse and fight malware and is a difficult task without the right knowledge and experience. During this hands-on course experience, participants will gain experience in the analysis of malware, from the initial approach of dissecting to the analysing of advanced malware.
20 - 22 August 2018 | the Hague
This hands-on course enables participants to make their first steps towards malware analysis up to the full reverse engineering of the more advanced types of malware.
We will deal with different methods of malware analysis, such as behavioral, static analysis and reverse engineering. Topics addressed in this course include: the different properties and actions of malware, forensic traces, network traffic, code analysis, obfuscation and encryption. Various malware files, specifically written for this course, will be analyzed prior to analyzing existing malware. A major element of this course is hands-on reverse engineering, giving maximum experience to participants during the three days.
Following this course enables participants to perform their first analysis on encountered malware, correctly estimate the behavior of malware, and understand how it can be countered.
- Gaining hands-on experience with the analysis of malware
- Obtaining knowledge on the different types of malware
- Obtaining knowledge on the different methods of malware analysis
- Ability to perform a first analysis on encountered malware, correctly estimate the behavior of malware, and understand how it can be countered.
- Incident response employees
- Digital forensic researchers
- IT system & network administrators
- IT professionals interested in malware analysis
Participants should have fundamental insight into network protocols, IP network services, and operating systems. Experience with malware is not required, but a solid technical background is desired.
- General malware overview and history
- How victims are infected & Introduction to malware analysis
- Malware identification, botnets, Malware packers and unpacking
- Behavioural analysis & Malware debugging
- Recap & Introduction to malware encryption
- Anti-Virus products and file recovery, Statical analysis, Banking malware
- Malware scripts analysis & Malware network traffic analysis
- Exploit analysis & Malware anti-Forensics bypassing
- Recap & Hands-on excercises
- Hands-on excercises
- Hands-on excercises
On Day 3, the knowledge gained is further put into practice. In different assignments, including the analysis of advanced malware specimens and Capture The Flag (CTF) exercises, insight will be provided into the inner working of malware analysis and reverse engineering in practice.
The course will be given in English or Dutch, depending on the participants preferred language. The course material is in English.
Date, location and time
This is three-day course will be held on:
20 - 22 August 2018 in the Hague
The costs are € 1,500 ex VAT. Catering (lunch) and course materials are included in the price.
'Technical depth required to complete the exercises/challenges. E.g. assembly and use of debuggers is not a subject that can be easily taught and the way this course is structured provides an effective way to go in depth on these demanding subjects'
'Interesting, well prepared and really good pedagogues'
Until four weeks before the start of the course you may cancel your participation in writing free of charge, or you may propose to attend on another date. Should you cancel within four weeks before the start of the course you will have to pay the full registration fee. In the event of insufficient participants we reserve the right to cancel the course at any time or move the date of the event. If so, you will be informed in due time.