AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Tuesday, September 22 • 11:00am - 12:15pm
Training (2 days) : Malware Crash Course

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Students will learn how to find the functionality of a program by analyzing disassembly and by watching how it modifies a system and its resources as it runs in a debugger. Students will learn how to extract host and network-based indicators from a malicious program. Students will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and hands-on labs with real malware where the students practice what they have learned.

What You Will Learn:

Hands-on malware dissection
How to create a safe malware analysis environment
How to quickly extract network and host-based indicators
How to perform dynamic analysis using system monitoring utilities to capture the file system, registry, and network activity generated by malware
How to debug malware and modify control flow and logic of software
To analyze assembly code after a crash course in the Intel x86 assembly language
Windows internals and APIs
How to use key analysis tools like IDA Pro and OllyDbg
What to look for when analyzing a piece of malware
The art of malware analysis - not just running tools

Labs are scheduled throughout the course and reinforce the concepts taught in each module. The estimate is that between 60% - 70% of class time is spent on lab work.

Who Should Take This Course?
Software developers, information security professionals, incident responders, computer security researchers, puzzle lovers, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in performing malware analysis.

Students should have:
Excellent knowledge of computer and operating system fundamentals
Computer programming fundamentals and Windows Internals experience is highly recommended

What Should Students Bring?
Students must bring their own laptop with VMware Workstation, Server, or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space.

A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

avatar for James “Tom” Bennett

James “Tom” Bennett

James T. Bennett is a seasoned malware analyst with over 10 years of experience working to improve technologies used to detect threats on the network and host levels.Mr. Bennett is currently employed as a Staff Threat Research Engineer with FireEye where he analyzes malware used in... Read More →
avatar for Peter Kacherginsky

Peter Kacherginsky

Reverse Engineer, FireEye
Peter Kacherginsky is a malware analyst, exploit developer, penetration tester, and incident responder with over 8 years of experience in the security industry. He is a big fan of IDA Pro and won last year's IDA Pro plugin contest. A number of Peter's open source security tools have... Read More →
avatar for Dominic Weber

Dominic Weber

Senior Manager, FireEye
Hi ! I am Dominic Weber and I have 13 years of computer forensic experience researching NTFS, ExFAT and the Windows key management If you've used EnCase, you've used my C++/ Windows code. Before that I Worked in 3D full body motion capture / rendering and video games. I work... Read More →

Tuesday September 22, 2015 11:00am - 12:15pm PDT
Pacific O