Null offensive hacking hands-on training.
Proposed sessions for this event:
- Getting started with Malware/Exploit Kit Analysis by Gajendra Kumar
Getting started with Malware/Exploit Kit Analysis
Registrations open on July 15 at 00:00 AM and registrations close by July 26 2:00 PM or when the count reaches 55 (whichever happens first) .
You can register by clicking on the Register button and Confirming Registration on the next page.
Only the registered participants will be sent a confirmation email with the venue details. This email will be sent by Thursday July 27 10:00 PM.
After registration, if you realize you cannot make it to the session, please un-register yourself using the "Cancel Registration" button so that your seat can be given to someone else.
Please read the following instructions carefully. This will enable us to have a smooth, hassle free session.
The session is intended for ones interested in learning basics of malware analysis. This will be a completely hands on session to understand windows internals with focus on data structures that are of interest to an attacker. At the end of this session, the participant will learn to use tools like WinDbg, Immunity Debugger, basics of x86 assembly.
At a bare minimum, the following will be covered:
1 Introduction to Windows Internals
• Introduction to Virtual Memory and Physical memory
• Data structures that are of interest to an Attacker.
• Import Address Table
• Export Address table
2 Deep dive in to Shell Code Analysis.
• What is a Shell Code?
• Extracting shell code from a sample exploit and create a binary.
• Hands on with debugger to reverse the binary.
3 Reverse/Analyze a malware sample (‘Hancitor’)
Hardware Pre-requisites (Mandatory)
• A system capable of running Virtual Box. You can test this by installing Virtual Box and creating a test VM.
• Atleast 2 GB of RAM
• Atleast 10 GB of free space on any drive.
Software Pre-requisites (Mandatory)
• Windows 7 32 bit operating system running on Virtulbox or VmWare.
• The VM should have WinDbg Installed (https://www.microsoft.com/en-in/download/details.aspx?id=8279 )
• Immunity Debugger (https://www.immunityinc.com/products/debugger/ )
• Microsoft Office (Word 2010)
|Date||Saturday July 29 2017|
|Event Type||Invite Only|
|Start Time||09:30 AM|
|End Time||06:00 PM|