CTI/MALWARE ANALYSIS

• Review of the different families of existing malware (stealer, trojan, webshell, …)
• The different phases of a computer attack via the killchain (type APT, ransomware)
• Analysis of a malicious pdf file depositing an excel file exploiting the CVE-2017-11882 vulnerability (points discussed: PDF and opendocument file format, features in a PDF, object com/CLSID)
• Analysis of a malicious office document (points covered: vba macro, code obfuscation, use of olevba/vipermonkey, development of a script to automate deobfuscation)

• Basics of Windows operation (Memory paging, kernel land / user land, Processes/Threads/Mutex/Handles, the difference between userland/kernel land)
• PE format: headers, data directories (import table, export table, certificates, debug symbol;..) sections, section rights, address calculation, visualization in binary ninja
• Analysis of a RAT only in RAM (points discussed: use of volatility, mutex, decryption of a RAT configuration)
• Analysis of a RAT in .NET (points covered: .NET format, decompilation, configuration decryption, possible extraction of IOCs)

• Techniques used by malware: RunPE, DLL injection, heap/stack packers, shellcode, network communications,…
• Static analysis of a dll with its network traffic (points discussed: match a TTP specific to the backdoor family, network API, yara rules, hunting)
• Dynamic analysis of GandCrab (points covered: debugger, depacker, shellcode, encryption algo, disk and IO traversal functions, network API, antidebug tricks)

Get an up-to-date and concrete overview of Malware Industry

Be guided through your first real malware analysis