Abstract

Introduction

This one-day session aims to help beginners understand the concepts of malware analysis and reverse engineering. It is a fully hands-on workshop in which attendees learn to analyze and reverse malware. The analysis platform is Windows, and the samples are Windows-based malware. The session assumes attendees have little or no prior experience in the subject.

Agenda

• Setting up Analysis Lab
    a. Discussion on building safe analysis lab with required toolkit
    b. We shall be distributing VMs with tools installed.

• Basic background on Windows Internals
    a. Basics on PE file format.
    b. Basics on Windows OS architecture.
    c. Basics on Intel x86 Assembly - Instructions and Code Pattern.

• Behavioral Malware analysis approach
    a. SysInternals working.
    b. PE/Hex editors.
    c. Sandbox analysis.

• Advanced static and dynamic code analysis of malware.

• Techniques.

• Introduction to required toolset
    a. Introduction to Disassemblers and Debuggers.
    b. Malware Reversing & Debugging. 

• Fun with Malware.

• Hidden techniques.

Prerequisites

• General knowledge of OS fundamentals is required.
• A little exposure to programming in x86 assembly and C is required.

Hardware & Software Requirement

• A laptop capable of running two virtual machines simultaneously (4/8 GB of RAM).
• 8/16 GB Flash Drive.
• VirtualBox or VMware Workstation 8 or above.

Speaker

Rohan Bhavsar

An experienced security consultant, researcher, analyst and enthusiast working in various domains of security. His main interest is in security research that supports research development, incident response and security intelligence processes. Rohan works closely with trending malware, analyzes newly evolving attack vectors, and works to detect and remediate such real-world threats. He has been a speaker at many events and security conferences in India.

Timing

Starts on Sunday, September 06 2015, at 10:00 AM. The session runs for about 7 hours.

Resources