Curious about malware analysis, or about where to even start with it? Join WSC and Yasmine Johnston-Ison for a remote, hands-on session on malware analysis.
Yasmine is an eCrime Senior Threat Researcher at Fidelis Cybersecurity. She is also an Army SIGINT veteran who grew up in the intelligence world and has a passion for cyber threat intelligence. Yasmine has been with WSC since the very beginning of the organization.
FREE for anyone to attend. This session is only online. Donations recommended! Donate here: https://womenscyberjutsu.org/donations/donate.asp?id=12198
Join link - details provided after registration
February 22, 2020
Level - 100
Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered. These courses are meant to be introductory level, or provide the training for entry level certifications.
Unsure what level you are? Take a look here.
We will cover basic file (static) analysis and behavior (dynamic) analysis of a malware sample.
Objectives – What You Will Leave Knowing
At the end, students will have enough knowledge to make an initial judgement on whether a file is malicious. Students will also be able to describe what a file does on the system when it runs.
Students should have some knowledge of the following:
- Must know what malware is.
- Know how to set up a virtual machine.
Agenda for Training
- Download a malware sample from Hybrid Analysis into the VM
- Check what VirusTotal (VT) says about the sample, searching by its hash
- Review of the tools we will use
- Review basic file information using PEStudio
- Review strings
- Set up Noriben
- Set up Process Explorer (procexp)
- Set up Wireshark
- Get ready to run the malware: pre-flight checklist (clean VM snapshot taken, monitoring tools capturing, VM network isolated from the host)
- Review the observed behavior
- Go over what we learned
- Talk about how we could analyze the malware further and introduce what next-level analysis would look like.
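The static steps of the agenda above (hash the sample so it can be looked up on VirusTotal or Hybrid Analysis, confirm it is a PE, pull printable strings the way BinText does, and pick out interesting ones) can be scripted. The following Python 3 script is an added example written for this page; it is not course material and not part of any of the tools listed. The "sample" it analyzes is a constructed, harmless byte buffer with an MZ/PE header and a few planted strings, not real malware, and the list of suspicious API names and the regexes are the author's own choices.

```python
import hashlib
import re

# Win32 APIs commonly seen in injection / download-and-execute code.
# This list is an assumption chosen for the example, not an authoritative set.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
    "URLDownloadToFileA", "WinExec", "ShellExecuteA", "IsDebuggerPresent",
}
URL_RE = re.compile(r"https?://[^\s\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")   # also matches version-like strings; review hits by hand
RUN_KEY_RE = re.compile(r"CurrentVersion\\Run", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file: what you paste into VirusTotal or Hybrid Analysis."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data: bytes) -> bool:
    """True if the buffer has an MZ DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII and UTF-16LE (wide) strings of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def flag_indicators(strings: list) -> dict:
    """Sort extracted strings into the buckets an analyst looks at first."""
    hits = {"apis": [], "urls": [], "ips": [], "persistence": []}
    for s in strings:
        if s in SUSPICIOUS_APIS:          # import names are null-terminated, so exact match works
            hits["apis"].append(s)
        hits["urls"] += URL_RE.findall(s)
        hits["ips"] += IPV4_RE.findall(s)
        if RUN_KEY_RE.search(s):
            hits["persistence"].append(s)
    return hits


def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "is_pe": is_pe(data),
        "string_count": len(strings),
        "indicators": flag_indicators(strings),
    }


def build_sample() -> bytes:
    """Constructed, harmless PE-like buffer used as the example input (not a real binary)."""
    buf = bytearray(b"MZ" + b"\x00" * 0x3A)      # 0x3C bytes of DOS header
    buf += (0x80).to_bytes(4, "little")          # e_lfanew: PE signature lives at offset 0x80
    buf += b"\x00" * (0x80 - len(buf))
    buf += b"PE\x00\x00" + b"\x00" * 16
    for s in (b"kernel32.dll", b"CreateRemoteThread", b"WriteProcessMemory",
              b"http://example.invalid/update.bin", b"192.0.2.10"):
        buf += s + b"\x00"
    # Extra padding so the last ASCII string is not glued onto the wide string below
    # (a real quirk of string extractors: 'c\0' followed by 'S\0o\0...' looks like one wide string).
    buf += b"\x00" * 3
    buf += "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le") + b"\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Run it against a real file by passing `open(path, "rb").read()` to `triage()` inside the analysis VM; the hashes go into the VirusTotal search box, and the `indicators` buckets are the strings worth confirming in PEStudio's imports and strings views before the behavior run.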
Students should have the following tools installed on a virtual machine. You can use VirtualBox or VMware. Take a clean snapshot of the VM before the session and keep its network isolated from your host (host-only or no network) so the sample cannot reach anything it should not.
- Set up a free account on Hybrid Analysis
- Have a Windows 7 or later virtual machine set up
- Download and place the following tools on the VM:
- PEStudio - https://winitor.com/tools/pestudio/current/AD064585-6F6E-499e-A11D-8B78EA22C66A.zip
- PROCMON (Process Monitor, part of the Sysinternals Suite) - https://download.sysinternals.com/files/SysinternalsSuite.zip
- PROCEXP (Process Explorer, same Sysinternals Suite zip) - https://download.sysinternals.com/files/SysinternalsSuite.zip
- Noriben - https://github.com/Rurik/Noriben
- Wireshark - https://www.wireshark.org/
- Notepad++ - https://notepad-plus-plus.org/
- BinText - https://www.aldeid.com/wiki/BinText
- Python 2.7 (needed to run Noriben)
- .NET Framework