RSA Malware Analysis

$4,400.00

  • Classroom
  • Onsite

Duration: 4 Days

This course provides you with the knowledge and skills to develop a strategy for analyzing malware. You will learn the components of a malware analysis environment and practice new skills in the course's malware analysis environment. You will learn to select and apply the tools and techniques required to analyze a variety of malware threats with the goal of extracting indicators of compromise. You will also develop a workflow to gather intelligence and apply it to the security environment.

What You Will Learn

  • Develop a strategy for analyzing malware
  • Collect and report actionable intelligence gained from analysis of malware
  • Establish indicators of compromise and the method of persistence of a malware sample
  • Outline the steps to set up a malware analysis environment
  • Analyze commonly exploited file formats, including JavaScript, SWF files, and PDF
  • Examine the behavior of malware and its interaction with its environment using dynamic analysis tools and techniques
  • Analyze command and control (C2) techniques to establish the intention and functionality of a malware sample
  • Investigate the behavior of malware using a debugger
  • Identify and defend against anti-analysis techniques
  • Determine the program instructions and functionality of a malware executable by applying static analysis techniques
  • Combine static and dynamic analysis methods to investigate more complex features of malware using disassembly and debugging tools
  • Develop Yara rules to identify and classify malware

Audience

Tier Three security analysts and computer forensic investigators who demonstrate basic knowledge of malware analysis and want to know more about the tools and techniques associated with analyzing malware and extracting indicators of compromise

Prerequisites

  • Familiarity with computer architecture principles, operating system theory, software analysis, networking principles (including protocols and communication channels), and fundamental principles of computer security
  • Knowledge of programming structure, assembly language, and scripting

Course Outline

1. Introduction to Malware Analysis

  • Goal of malware analysis
  • Tasks involved in malware analysis
  • Types of intelligence gained from malware analysis

2. Making Recommendations Based Upon Actionable Intelligence

  • Phases of the intelligence cycle
  • Role actionable intelligence plays in a security strategy
  • Consumers of intelligence
  • Sections of an intelligence report
  • Create content for each section of an intelligence report

3. Assessing the Existence and Persistence of Malware

  • Establish indicators of compromise
  • Identify host-based artifacts
  • Identify network-based artifacts
  • Determine malware's method of persistence
  • Assess the presence of malware on a system

4. Exploring the Malware Analysis Environment

  • Components of a malware analysis environment
  • Steps to create a malware analysis environment
  • Tools included in the course's malware analysis environment

5. Analyzing Commonly Exploited File Formats, including:

  • JavaScript
  • SWF files
  • Java
  • PDF

6. Dynamic Analysis of Malware

  • Process of dynamic analysis
  • Apply dynamic analysis tools and techniques to investigate malware's behavior in a virtual environment
  • Determine the indicators of compromise based on dynamic analysis investigation

7. Investigating Command and Control Communications

  • Command and control communication as used by malware
  • Types of activities an attacker engages in using C2
  • C2 techniques
  • Procedure to capture and analyze C2 traffic
  • How to set up an environment to investigate C2
  • Intercept communication using a proxy
  • Address the issue of C2 not responding

8. Executing a Malware Sample Using a Debugger

  • Features and capabilities of an assembly level debugger, such as Immunity Debugger
  • Examine malware execution using a debugger
  • Benefits of scriptable debugging

9. Identifying and Defending Against Anti-Analysis Techniques

  • Anti-analysis techniques, including anti-debugger techniques and anti-VM techniques
  • Recognize when a malware sample is using an anti-VM or anti-debugger technique
  • Apply strategies to defend against anti-analysis techniques

10. Static Analysis of Malware

  • Process of static analysis
  • Outcomes of the static analysis process
  • Classify sources of data viable for analysis
  • Disassemble malware executable code using IDA Pro

11. Investigating Advanced Malware Techniques

  • How a packed file executes
  • Detect the packer used by a malware sample
  • Unpack a packed malware sample using a debugger
  • Determine the method of code injection used by malware
  • Capabilities of backdoor functions
  • Apply static analysis methods to find backdoor functions installed by malware
  • Save a memory image using VMware
  • Analyze memory using Volatility and IDA Pro

12. Developing Yara Rules to Identify and Classify Malware

  • Structure of a Yara rule
  • Options of the Yara command line tool
  • Develop Yara rules to classify malware

Course Labs

In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.