Practical Malware Analysis

Sam Bowne

SCOREBOARD

Scores from RSA 2018
Scores from BSidesLV 2017
Scores from DEF CON 25 (2017)
Scores from CactusCon 2017

Video from RSA 2018

Workshop Description

Learn how to analyze malware, including computer viruses,
Trojans, and rootkits, with disassemblers, debuggers, and
static and dynamic analysis, using IDA Pro, OllyDbg, and other tools.

Familiarity with programming in C and assembler is helpful but not necessary.

All the projects run on a single Windows Server 2008 machine.
You can run it locally on VMware or VirtualBox, or in the cloud with NETLAB.

Local Hosting

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

VMs

For VMware: Win2008Malware.7z
Size: 2,073,173,278 bytes
SHA-256: c2d59bb80d71cb73350fe436d2658eeb46c869edce66c950ce97268e2a2fa25a

For VirtualBox: Win2008MalwareVB.7z
Size: 3,754,472,442 bytes
SHA-256: 879584a72752a3a22843b21e02992e6aa78ad4b73aed5536a44c91613d813113

Cloud Hosting

Log in to NETLAB and reserve "NDG 1 Server Pod (no lab)"


Challenges

I: Basic Static Analysis

1. Basic Static Techniques (10)
2. Unpacking (10)
3. Challenge: Name the Packer (5)
4. Challenge: Datestamp (5)

II: Basic Dynamic Analysis

5. Basic Dynamic Analysis (10)
6. Keylogger (15)
7. Challenge: Beacons (10)

III: Advanced Static Analysis

8. Jasmin
9. Challenge: Secret Message (10)
10. IDA Pro
11. Challenges with IDA (50)

IV: Advanced Dynamic Analysis

12. Simple EXE Hacking with Ollydbg (20)
13. Adding Trojan Code with LordPE (20)
14. Patching EXEs with Ollydbg (100)
15. Kernel Debugging with LiveKd & WinDbg (15)
16. SSDT Hooking (15)

More Training

CTF-Style Workshops

Violent Python (Easiest)
Exploit Development for Beginners (Easy)
Crypto Hero (Intermediate)
Practical Malware Analysis (Hardest)

Whole Classes

CNIT 123: Ethical Hacking and Network Defense
CNIT 124: Advanced Ethical Hacking (Includes Violent Python)
CNIT 125: CISSP Prep
CNIT 126: Practical Malware Analysis
CNIT 127: Exploit Development
CNIT 128: Hacking Mobile Devices
CNIT 129S: Securing Web Applications
CNIT 141: Cryptography for Computer Networks

Posted: 4-17-18 6:38 am
Class and contest list added 4-18-18
More grading forms added 4-19-18
RSA scores added 4-19-18
Video added 4-21-18