[WORKSHOP - REMOTE] Intro to Malware Analysis
 

2/22/2020
When: Saturday, February 22
1 - 2 PM CST
Where: Online
United States

Have you ever been curious about malware analysis or where to start with this whole world? Join WSC and Yasmine Johnston-Ison for a remote hands-on session discussing malware analysis.

About Instructor
Yasmine is an Ecrime Senior Threat Researcher at Fidelis CyberSecurity. She is also an Army SIGINT vet who grew up in the intelligence world with a passion for cyber threat intelligence. Yasmine has been with WSC since the very beginning of the organization.

Cost
FREE for anyone to attend. This session is only online. Donations recommended! Donate here: https://womenscyberjutsu.org/donations/donate.asp?id=12198

Location 
Join Me - Details provided after registration

Date
February 22, 2020

Time
1 - 2 PM CST

Level - 100

Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered.  These courses are meant to be introductory level, or provide the training for entry level certifications.

Unsure what level you are? Take a look here.

Description
We will cover basic file analysis and behavior analysis of a malware sample.

Objectives – What You Will Leave Knowing
At the end students will have enough knowledge to decide if a file is malicious or not. Students will also be able to talk about what a file is doing on the system.

Prerequisites
Students should have some knowledge of the following:

  • Must know what malware is.
  • Know how to set up a virtual machine. 

Agenda for Training

  • Download a malware sample from Hybrid Analysis into the VM
  • What does VirusTotal (VT) say about it
  • Review of the tools we will use
  • Review basic file information using PE Studio
  • Review strings
  • Set up Noriben
  • Set up Process Explorer (procexp)
  • Set up Wireshark
  • Get ready to run the malware! Pre-flight checklist
  • Review behavior
  • Go over what we learned
  • Talk about how we could analyze the malware further and introduce what next-level analysis would be.

Technical Requirements
Students should have the following tools installed on a virtual machine. You can use VirtualBox or VMware.

  • Set up a free account on Hybrid Analysis
  • Have a Windows 7 or later virtual machine set up
  • Download the following tools and place them on the VM:
    • PE Studio - https://winitor.com/tools/pestudio/current/AD064585-6F6E-499e-A11D-8B78EA22C66A.zip
    • Process Monitor (procmon) - https://download.sysinternals.com/files/SysinternalsSuite.zip
    • Process Explorer (procexp) - https://download.sysinternals.com/files/SysinternalsSuite.zip
    • Noriben - https://github.com/Rurik/Noriben
    • Wireshark - https://www.wireshark.org/
    • Notepad++ - https://notepad-plus-plus.org/
    • BinText - https://www.aldeid.com/wiki/BinText
    • Python 2.7
    • .NET Framework