Summary: The course focuses on training the analyst to find malware and analyze it. The course teaches the fundamentals of the Windows OS from a malware forensics perspective. During the 5-day period, all attendees will analyze multiple malware samples of various categories, including RATs, botnets, keyloggers, APT malware, etc.
Student Lab Requirement:
VMware Workstation 10.x or later / Fusion 6.0+ / Player 6+ running Windows 7/XP, 100 GB free disk space
Content
1. Overview on current Threat Landscape
- 1.1. Malware Categorization
- 1.2. Cyber Kill Chain
- 1.3. APTs
2. Building a Malware Analysis Lab
3. Windows System Structure (Forensics Context)
- 3.1. Processes
- 3.2. Prefetch Files
- 3.3. Browser
- 3.4. Autoruns
- 3.5. Scheduled Tasks
- 3.6. Registry
- 3.7. Windows Artifact Analysis (from various locations)
- 3.8. Timeline Analysis
- 3.9. Time stamping
4. Static Analysis
- 4.1. Scanning, Hashing, Fuzzy Hashing
- 4.2. Unpacking
- 4.3. Finding Anomalies
- 4.4. Visualization
- 4.5. File Analysis
- 4.6. PE Analysis
- 4.7. Document File Analysis
- 4.8. PDF Analysis
5. Dynamic Analysis
- 5.1. Building the lab
- 5.2. Snapshot
- 5.3. Network Interactions
- 5.4. Sandboxes
- 5.5. Sandbox Evasion Techniques
6. Network Artifact Analysis
- 6.1. PCAP Analysis
- 6.2. Evidence Extraction from PCAPs
- 6.3. Tracing Malware Communications
7. Memory Forensics
- 7.1. Overview
- 7.2. Processes and Threads
- 7.3. Data Structures
- 7.4. Recovering Files
- 7.5. Process Memory
- 7.6. Hooks
- 7.7. Finding Hidden Processes
- 7.8. Memory Acquisition
- 7.9. Finding Malware in Memory