Here’s the schedule for this year. Registering here does not count. You MUST register to attend any of these. You may register here: https://www.bsidesslc.org/registration.html

You cannot manually add workshops to your schedule. You need to go register for them at https://www.bsidesslc.org/signup.html, and then the workshop will be added to your schedule.
Friday, March 10 • 10:00am - 12:00pm
Introduction to Malware Analysis Part 1 REGISTER FIRST


This workshop will not be for grizzled malware analysts. This workshop is intended for those who are new to malware analysis or have very limited exposure to it. I will cover everything you need to start analyzing malware without learning how to reverse engineer binaries. I will cover setting up a safe sandbox environment, detonating samples, identifying malware families, collecting IOCs, and gathering as much information as you can about a sample that you may come across.
Current Working Outline:
  • Types of malware commonly seen today
      • Web based
          • Malicious websites that point to Exploit Kits
          • iframes
          • JavaScript
          • Java/Flash objects
      • File based
          • Binary executables
          • Microsoft Office Documents
          • Visual Basic Scripts
          • JavaScript files
          • WSF files
  • Setting up a Sandbox Environment
      • Setting up VPN access for your sandbox
      • Installing and using tools for dynamic analysis
      • Staying safe
          • Handling of samples
  • Routing all VPN access through VPN
  • VM Snapshots
  • Static analysis of samples
      • Strings
      • Script extraction
      • Script obfuscation
      • Dynamic Analysis
      • Watching behavior of sample detonation
          • Process Hacker 2
          • Child Process Spawning
          • Process Migration
  • Process Memory Dumping
      • Strings
      • Fiddler 2
      • HTTPS inspection
      • Wireshark
      • RegShot
  • Malware family identification
      • Understanding family behaviors
      • Memory Dump
      • Strings in memory
      • Volatility
      • C2 communication methods
  • Tying it all together
  • Building IOCs from all the information we gathered from our analysis
  • If there is time, a peek into Cuckoo, automated Dynamic Analysis


ISOs/Software needed:

  • OSX or Linux Host OS (can probably use BSD too but ¯\_(ツ)_/¯  ). Feel free to bring Windows if you are feeling brave and able to troubleshoot yourself
  • VPN client on host OS with access to burnable public IP
  • Desktop Virtualization Software (I will be using VirtualBox)
  • Windows 7 32-bit installation inside said Virtualization Software
  • OfficeMalScanner
  • Process Hacker 2
  • Fiddler 2
  • Wireshark
  • HideToolz
  • RegShot


Danny Howerton

Danny is an SLC local with previous experience in Network Security Administration, IDS/AppID Signature writing, and Pentesting. He is now a Threat Analyst at Proofpoint and is responsible for tracking malware trends, campaigns, and actors. He has presented at a whole bundle of conferences and will leave it as an exercise to the user to figure out which ones.

Friday March 10, 2017 10:00am - 12:00pm
Workshop 2 Salt Palace Convention Center
