Practical Malware Analysis

Sam Bowne


Workshop Description

Learn how to analyze malware, including computer viruses, Trojans, and rootkits,
using static and dynamic analysis with disassemblers and debuggers such as
IDA Pro, OllyDbg, and other tools.

Familiarity with programming in C and assembler is helpful but not necessary.

All the projects run on a single Windows Server 2008 machine.
You can run it locally on VMware or VirtualBox, or in the cloud with NETLAB.

Local Hosting

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

VMs

For VMware: Win2008Malware.7z
Size: 2,073,173,278 bytes
SHA-256: c2d59bb80d71cb73350fe436d2658eeb46c869edce66c950ce97268e2a2fa25a

For VirtualBox: Win2008MalwareVB.7z
Size: 3,754,472,442 bytes
SHA-256: 879584a72752a3a22843b21e02992e6aa78ad4b73aed5536a44c91613d813113

For Hyper-V: Svr8Vm12.7z
Size: 2.21 GB

Cloud Hosting

Login, then reserve "NDG 1 Server Pod (no lab)"


Challenges

I: Basic Static Analysis

1. Basic Static Techniques (10)
2. Unpacking (10)
3. Challenge: Name the Packer  (5)
4. Challenge: Datestamp (5)
(Chinese translations are available for each of the projects above)

II: Basic Dynamic Analysis

5. Basic Dynamic Analysis (10)
6. Keylogger (15)
7. Challenge: Beacons (10)
(Chinese translations are available for each of the projects above)

III: Advanced Static Analysis

8. Jasmin
9. Challenge: Secret Message (10)
10. IDA Pro
11. Challenges with IDA (50)

Reference: Crash Course in Computer Science Videos

(Chinese translations are available for each of the projects in this part)


IV: Advanced Dynamic Analysis

12. Simple EXE Hacking with Ollydbg (20)
13. Adding Trojan Code with LordPE (20)
14. Patching EXEs with Ollydbg (100)
15. Kernel Debugging with LiveKd & WinDbg (15)
16. SSDT Hooking (15)
(Chinese translations are available for each of the projects above)

More Training

CTF-Style Workshops

Violent Python (Easiest)
Exploit Development for Beginners (Easy)
Crypto Hero (Intermediate)
Practical Malware Analysis (Hardest)

Whole Classes

CNIT 123: Ethical Hacking and Network Defense
CNIT 124: Advanced Ethical Hacking (Includes Violent Python)
CNIT 125: CISSP Prep
CNIT 126: Practical Malware Analysis
CNIT 127: Exploit Development
CNIT 128: Hacking Mobile Devices
CNIT 129S: Securing Web Applications
CNIT 141: Cryptography for Computer Networks

Event                                  Highest   Count
WASTC in Garden Grove, CA, June 2018        85      18
WASTC in Aptos, CA, June 2018              105       6
CCC 2018                                   145      10
WC IL 2018                                 220      11
DEF CON China 2018 #1                      295      38
DEF CON China 2018 #2                      185      26
RSA 2018                                   155      38
BSidesLV 2017                              185      26
DEF CON 25 (2017)                          260      74
CactusCon 2017                             170      39

Posted: 4-17-18 6:38 am
Class and contest list added 4-18-18
More grading forms added 4-19-18
RSA scores added 4-19-18
Logo added for DEF CON China 4-21-18
Video from RSA 2018 added 4-21-18
Chinese pages added 5-2-18
More Chinese pages added 5-6-18
Assistants info added 5-8-18
Video removed 5-12-18
Crash course link added 5-23-18
Scores from CCC 2018 added 6-4-18
Image of DEF CON China removed 6-9-18
Scores from WASTC in Aptos added 6-18-18
Scores from WASTC in Garden Grove added 7-20-18
Old scores moved to bottom, livestream link added, video added 1-7-18