https://www.bsidesslc.org/signup.html
This workshop is not for grizzled malware analysts. It is intended for those who are new to malware analysis or have had very limited exposure to it. I will cover everything you need to start analyzing malware without learning how to reverse engineer binaries: setting up a safe sandbox environment, detonating samples, identifying malware families, collecting IOCs, and gathering as much information as you can about a sample you may come across.
Current Working Outline:
- Types of malware commonly seen today
  - Web based
    - Malicious websites that point to Exploit Kits
    - iframes
    - javascript
    - java/flash objects
  - File based
    - Binary executables
    - Microsoft Office Documents
    - Visual Basic Scripts
    - javascript files
    - wsf files
- Setting up a Sandbox Environment
  - Setting up VPN access for your sandbox
  - Installing and using tools for dynamic analysis
- Staying safe
  - Handling of samples
  - Routing all sandbox network traffic through the VPN (never out your own public IP)
  - VM Snapshots
- Static analysis of samples
  - Strings
  - Script extraction
  - Script obfuscation
- Dynamic Analysis
  - Watching behavior of sample detonation
    - Process Hacker 2
      - Child Process Spawning
      - Process Migration
      - Process Memory Dumping
      - Strings
    - Fiddler 2
      - HTTPS inspection
    - Wireshark
    - RegShot
- Malware family identification
  - Understanding family behaviors
  - Memory Dump
    - Strings in memory
    - Volatility
  - C2 communication methods
- Tying it all together
  - Building IOCs from all the information we gathered from our analysis
  - If there is time, a peek into Cuckoo, automated Dynamic Analysis
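The "Strings" and "Building IOCs" steps above are the kind of thing you can script in a few lines. The following is an added example written for this page, not workshop material or a tool the outline lists: it pulls printable ASCII and UTF-16LE strings out of a blob of bytes (the same thing `strings` and `strings -el` show you, and what you would run over a Process Hacker memory dump), then regex-matches URLs, IPv4 addresses, registry keys and file paths out of those strings and defangs them for a report. The `SAMPLE` bytes are constructed for illustration; `evil-example.test` and `198.51.100.23` are reserved test/documentation values, not real indicators.

```python
"""Quick static triage: extract strings from a sample or memory dump, then IOCs.

Added example for this page; not the workshop's own code. Point it at a file
(python triage.py sample.bin) or run it without arguments to use SAMPLE below.
"""
from __future__ import annotations
import re
import sys

MIN_LEN = 6  # minimum string length; `strings` defaults to 4, which is very noisy

# Patterns for turning strings into IOCs. All groups are non-capturing so that
# re.findall() returns whole matches. The IPv4 pattern will also catch version
# strings like 1.2.3.4, so always eyeball the output before it goes in a report.
IOC_PATTERNS = {
    "urls": re.compile(r"https?://[\w.-]+(?::\d+)?(?:/[^\s\"'<>]*)?", re.I),
    "ips": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "registry": re.compile(r"(?:HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+)\\[^\s\"'<>]+"),
    "paths": re.compile(r"(?:[A-Za-z]:|%[A-Za-z_]+%)\\[^\s\"'<>|*?]+"),
}

# Constructed input: a fake PE-ish header, a DOS stub string, an ASCII URL,
# two UTF-16LE strings (the way Windows binaries and memory usually store text),
# a raw IP:port, and a 4-byte "POST" that is below MIN_LEN and should be dropped.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"This program cannot be run in DOS mode.\r\n$\x00\x00"
    b"\x01\x02http://evil-example.test/gate.php\x00\x00\xfe"
    + "C:\\Users\\Public\\svchost.exe".encode("utf-16-le") + b"\x00\x00"
    + "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x03\x04198.51.100.23:8080\x00POST\x00"
)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return ASCII and UTF-16LE strings of at least min_len chars, in file order."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE of ASCII text is a printable byte followed by a NUL, repeated.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    hits += [(m.start(), m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    hits.sort()  # interleave ASCII and wide strings by offset
    return [s for _, s in hits]


def extract_iocs(strings: list[str]) -> dict[str, list[str]]:
    """Match every IOC pattern against every string; return sorted, de-duplicated hits."""
    iocs: dict[str, set[str]] = {name: set() for name in IOC_PATTERNS}
    for s in strings:
        for name, pattern in IOC_PATTERNS.items():
            iocs[name].update(pattern.findall(s))
    return {name: sorted(vals) for name, vals in iocs.items()}


def defang(ioc: str) -> str:
    """hxxp:// and [.] so the indicator cannot be clicked or auto-linked in a report."""
    return re.sub(r"^http", "hxxp", ioc, flags=re.I).replace(".", "[.]")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    strings = extract_strings(data)
    print("== strings ==")
    for s in strings:
        print(s)
    print("\n== IOCs (defanged) ==")
    for kind, values in extract_iocs(strings).items():
        for v in values:
            print(f"{kind}: {defang(v)}")
```

Two practical notes. A packed sample shows almost nothing useful in static strings, which is exactly why the outline dumps process memory after detonation and runs strings there: run this script over the dump instead of the file on disk. And the output of the regexes is a starting list, not a finished IOC set; a `C:\Windows\System32\...` path or a Microsoft update URL in a dropper's strings is not an indicator of that family.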
ISOs/Software needed:
- OS X or Linux host OS (BSD can probably work too, but ¯\_(ツ)_/¯ ). Feel free to bring Windows if you are feeling brave and able to troubleshoot it yourself
- VPN client on the host OS with access to a burnable public IP
- Desktop virtualization software (I will be using VirtualBox)
- Windows 7 32-bit installation inside said virtualization software
- OfficeMalScanner
- Process Hacker 2
- Fiddler 2
- Wireshark
- HideToolz
- RegShot