Cyber Security Trainings | Solution Deployment | SOC Services | Project Management
This course teaches trainees the fundamentals of malicious artifact analysis and the main types of analysis. Attendees learn how to safely execute suspicious code in a controlled environment and which security precautions matter most. The course shows how to perform basic static and automated analysis: which tools can be used, what to look for, and what can be found. The workshop gives attendees the opportunity to use a range of popular tools during the analyses and to decide for themselves which tools are best suited to each type of analysis. It also covers common malicious software behaviours and patterns, which can later be used to write proper detection signatures.
At the beginning, participants learn to use basic static analysis techniques for a preliminary study of a sample. Using methods such as strings analysis, portable executable (PE) header analysis, import address table (IAT) analysis and resource analysis, participants try to determine some of the artifact's functionality without executing it.
Later in the course, participants perform behavioural analysis, executing samples in a controlled environment and observing the changes they make to the operating system: which processes are created, what changes are made to the file system and the registry, and whether there are any indicators of rootkit activity. Then, using all the gathered information, participants work out how each analysed sample behaves after execution and what the indicators of an infected system would be.
In this way participants get the opportunity to compare manual analysis techniques with automated analysis and to learn the advantages and disadvantages of each.
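As an added illustration of the basic static techniques described above (PE header and section-table parsing, packer detection via section names and entropy, strings extraction), here is a small triage script. It is example code written for this page, not a tool from the course or its authors. It uses only the Python standard library and, when run without arguments, analyses a constructed, non-executable PE32 image built by `build_sample_pe()` so that it works offline; pass a file path as the first argument to analyse a real sample instead. The packer section-name list and the suspicious-API list are starter lists for the example, not an authoritative signature set, and the sample's strings, URL and hashes are invented.

```python
import hashlib
import math
import re
import struct
import sys
from collections import Counter

# Section names written by well-known packers (starter list for this example, not exhaustive).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
                        ".MPRESS1", ".MPRESS2", ".themida", ".vmp0", ".vmp1"}
# API names worth a second look when they show up in strings (starter list for this example).
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                   "URLDownloadToFileA", "SetWindowsHookExA", "IsDebuggerPresent", "WinExec"}
IMAGE_SCN_MEM_WRITE = 0x80000000

def shannon_entropy(buf):
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def extract_strings(buf, min_len=6):
    """Runs of at least min_len printable ASCII bytes, like the `strings` utility."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf)]

def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]        # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA), same offset for both
    sections = []
    for i in range(nsect):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        name, vsize, vaddr, rawsize, rawptr, flags = fields[0], fields[1], fields[2], fields[3], fields[4], fields[9]
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
                         "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
                         "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    return {"machine": machine, "magic": magic, "characteristics": chars,
            "entry_point": entry, "sections": sections}

def triage(data):
    """Header, section-entropy and strings checks combined into one quick-look report."""
    pe = parse_pe(data)
    findings, entry_sec = [], None
    for s in pe["sections"]:
        if s["vaddr"] <= pe["entry_point"] < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            entry_sec = s
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append("packer section name: " + s["name"])
        if s["entropy"] > 7.0:
            findings.append("high entropy %.2f in %s (packed or encrypted?)" % (s["entropy"], s["name"]))
    if entry_sec is None:
        findings.append("entry point 0x%x lies outside every section" % pe["entry_point"])
    elif entry_sec["writable"]:
        findings.append("entry point in writable section %s (unpacking stub?)" % entry_sec["name"])
    strings = extract_strings(data)
    return {"entry_point": pe["entry_point"],
            "entry_section": entry_sec["name"] if entry_sec else None,
            "sections": pe["sections"], "findings": findings,
            "suspicious_apis": sorted(set(strings) & SUSPICIOUS_APIS),
            "urls": [s for s in strings if s.lower().startswith(("http://", "https://"))],
            "registry_paths": [s for s in strings if "\\CurrentVersion\\" in s]}

def build_sample_pe():
    """Constructed PE32 image for the demo (not a real sample and not runnable): a plain .text
    section with a few tell-tale strings and a high-entropy 'UPX1' section holding the entry point."""
    text = b"\x00".join([b"CreateRemoteThread", b"WriteProcessMemory",
                         b"http://c2.example.invalid/gate.php",
                         b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"]).ljust(0x200, b"\x00")
    packed = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(32))  # 1024 bytes
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                 # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)        # i386, 2 sections, PE32 opt hdr
    opt = struct.pack("<H", 0x10B) + b"\x00" * 14 + struct.pack("<I", 0x2010) + b"\x00" * 204
    def section(name, vaddr, size, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, rawptr, 0, 0, 0, 0, flags)
    headers = (dos + b"PE\x00\x00" + coff + opt
               + section(b".text", 0x1000, 0x200, 0x400, 0x60000020)   # CODE | EXECUTE | READ
               + section(b"UPX1", 0x2000, 0x400, 0x600, 0xE0000040))   # DATA | EXECUTE | READ | WRITE
    return headers.ljust(0x400, b"\x00") + text + packed

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    report = triage(blob)
    for s in report["sections"]:
        print("%-8s va=0x%05x raw=%5d entropy=%.2f" % (s["name"], s["vaddr"], s["rawsize"], s["entropy"]))
    print("\n".join(report["findings"]), report["suspicious_apis"], report["urls"], report["registry_paths"])
```

The 7.0 bits-per-byte threshold is a common rule of thumb: ordinary compiled code usually sits between roughly 5 and 6.5, while compressed or encrypted data approaches 8. An entry point that falls inside a writable, high-entropy section is the classic shape of a packer stub that unpacks in place, which is why the script reports it as its own finding rather than relying on section names alone; a renamed UPX section defeats the name check but not the entropy or entry-point checks.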
Sending samples for analysis
Detecting packers and protectors
Strings extraction and analysis
PE structure and headers analysis
Import table analysis
PE resources analysis
Searching for embedded objects
Executing malware sample
Process Explorer analysis
Process Monitor analysis
Regshot analysis
Searching for Rootkit artifacts
Sending samples to Cuckoo
Analysing Cuckoo Sandbox results
Static Analysis results from Cuckoo Sandbox
Behavioural Analysis results from Cuckoo Sandbox
Network Analysis results from Cuckoo Sandbox
Analysing the list of dropped files from Cuckoo Sandbox
Registry analysis results from Cuckoo Sandbox
This course is designed for cyber security professionals who perform quick assessments of newly encountered threats, especially those involving suspicious executable files. Attendees should have a good working knowledge of the Windows operating system. Some prior background and experience in cyber security is advisable but not required, as the course starts from the basics before moving on to advanced topics and hands-on labs.
All attendees are strongly encouraged to bring their own laptop meeting the following software/hardware requirements:
Course Brochure (PDF): Download