SANS Forensics 610 Reverse Engineering Malware



7 replies to this topic

#1 OFFLINE   venkatklr


    Member

  • Leecher
  • 22 posts
  • 251 thanks
  • Location: Bangalore

Posted 10 September 2012 - 06:02 PM



This malware analysis course prepares forensic investigators, incident responders, and malware
specialists to reverse-engineer malicious software using practical tools and techniques.

This popular malware analysis course has helped forensic investigators, malware specialists,
incident responders, and IT administrators assess malware threats. The course teaches a practical
approach to examining malicious programs (spyware, bots, trojans, etc.) that target or run on
Microsoft Windows. This training also looks at reversing Web-based malware, such as
JavaScript and Flash files, as well as malicious document files. By the end of the
course, you'll learn how to reverse-engineer malicious software using a variety of system and
network monitoring utilities, a disassembler, a debugger, and other tools for turning malware
inside-out!

Learn Malware Analysis to Improve Incident Response and Forensics Skills

This unique course provides a rounded approach to reverse-engineering by covering both behavioral
and code phases of the analysis process. As a result, the course makes malware analysis
accessible even to individuals with a limited exposure to programming concepts. The materials do
not assume that the students are familiar with malware analysis; however, the complexity of
concepts and techniques increases as the course progresses.

The malware analysis process taught in this class helps incident responders assess the severity
and repercussions of a situation that involves malicious software. It also assists in determining
how to contain the incident and plan recovery steps. Forensics investigators also learn how to
understand key characteristics of malware present on compromised systems, including how to
establish indicators of compromise (IOCs) for scoping and containing the intrusion.

A Methodical Approach to Reverse-Engineering

The course begins by covering fundamental aspects of malware analysis. You'll learn how to set up
an inexpensive and flexible laboratory for understanding the inner workings of malicious software
and will understand how to use the lab for exploring characteristics of real-world malware. Then
you'll learn to examine the program's behavioral patterns and code. Afterwards, you'll experiment
with reverse-engineering compiled Windows executables and browser-based malware.

The course continues by discussing essential x86 assembly language concepts. You’ll examine
malicious code to understand the program’s key components and execution flow. Additionally,
you’ll learn to identify common malware characteristics by looking at Windows API patterns and
will examine excerpts from bots, rootkits, keyloggers, and downloaders. You’ll understand how to
work with PE headers and handle DLL interactions. Furthermore, you’ll learn tools and techniques
for bypassing anti-analysis capabilities of armored malware, experimenting with packed
executables and obfuscated browser scripts.

Towards the end of the course, you’ll learn to analyze malicious document files that take the
form of Microsoft Office and Adobe PDF documents. Such documents act as a common infection vector
and need to be understood by enterprises concerned about both large-scale and targeted attacks.
The course also explores memory forensics approaches to examining rootkits. Memory-based analysis
techniques also help understand the context of an incident involving malicious software.

Hands-On Training for Malware Analysis and Reversing

Hands-on workshop exercises are a critical aspect of this course and allow you to apply
reverse-engineering techniques by examining malware in a controlled environment. When performing
the exercises, you’ll study the supplied specimen’s behavioral patterns and examine key portions
of its code. You’ll examine malware on a Windows virtual machine that you’ll infect during the
course and will use the supplied Linux virtual machine (REMnux) that includes tools for examining
and interacting with malware.

Complexity of the Course: Formalizing and Expanding Your Malware Analysis Skills

While the field of reverse-engineering malware is in itself advanced, the course begins by
covering this topic from an introductory level and quickly progresses to discuss malware analysis
tools and techniques of intermediate complexity.

Neither programming experience nor knowledge of assembly is required to benefit from the
course. However, you should have a general idea about core programming concepts, such as
variables, loops, and functions. The course spends some time discussing essential aspects of x86
assembly to allow malware analysts to navigate through malicious executables using a debugger and a
disassembler.

https://www.sans.org...malware-analysis-tools-techniques-54-mid





Thanked by 17 Members:
BlueLion , akarta , ravi143 , nesraserv , MaGn3t0 , netmaster , dangktwebntk , vietwow , m4v3rick , jkitru , ISecure , Spectro , irecs , vngouiowa , downtemplate , holinx , billyc123

#2 OFFLINE   sha8e


    Member

  • Users
  • 11 posts
  • 0 thanks

Posted 10 September 2012 - 06:10 PM

what version is this?

#3 OFFLINE   Bolder


    Member

  • Users
  • 14 posts
  • 2 thanks

Posted 10 September 2012 - 11:12 PM

Quote: what version is this?

I would assume it's the old 2010, but since the brand new 2012 GPEN was posted I'm not sure either.

Thanked by 1 Member:
jkitru

#4 OFFLINE   m4v3rick


    Newbie

  • Users
  • 2 posts
  • 0 thanks

Posted 24 September 2012 - 06:13 AM

reupload on non premium plz

#5 OFFLINE   vietwow


    Newbie

  • Users
  • 4 posts
  • 1 thanks

Posted 24 September 2012 - 07:05 AM

Thank you very much

#6 OFFLINE   dangktwebntk


    Newbie

  • Users
  • 1 post
  • 0 thanks

Posted 24 September 2012 - 08:27 AM

Thanks!

#7 OFFLINE   toxicocean


    Newbie

  • Users
  • 8 posts
  • 0 thanks

Posted 28 July 2015 - 08:17 PM

thanks



#8 OFFLINE   inuxgeek121


    Newbie

  • Users
  • 3 posts
  • 0 thanks

Posted 01 August 2015 - 07:16 PM

thx