BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:77d06f1e-a65a-4e0e-af55-7551c406ceb6
DTSTAMP:20260522T085622Z
SUMMARY:Sergei Frankoff\, Sean Wilson - Applied Emulation - A Practical App
 roach to Emulating Malware
DESCRIPTION:Title: Sergei Frankoff\, Sean Wilson - Applied Emulation - A Pr
 actical Approach to Emulating Malware\n\nScheduled Date and Time (Pacific 
 Standard): Thursday\, August 10\, 2023\, at 0900 PDT\n\nEventBrite Link: h
 ttps://www.eventbrite.com/e/sergei-frankoff-a-practical-approach-to-emulat
 ing-malware-tickets-668358156237?aff=oddtdtcreator\n\nMax Class Size: 50\n
 \n\n\n\nAbstract:\n\nBinary emulation is now a must-have tool for malware 
 analysts. With a few lines of Python you can unpack binaries\, skip analys
 is of complex algorithms\, and automatically extract the configuration dat
 a from malware! It’s not too good to be true\, but there is a little pre
 paration work involved…\n\nIn this workshop you will set up your own emu
 lation environment (using Python) and work through a series of common malw
 are analysis tasks such as unpacking\, and malware configuration extractio
 n. The workshop starts simple using Unicorn to emulate x86 shellcode\, and
  builds to a final project where syscall hooking is used with Dumpulator t
 o automatically extract C2s from malware.\n\nThis workshop is aimed at mal
 ware analysts and reverse engineers who are interested in learning more ab
 out emulation and how it can be used to automate some reverse engineering 
 workflows. Students must be able to write basic Python scripts\, and have 
 a working knowledge of the Windows OS. Familiarity with Windows malware\, 
 assembly\, and debugging is strongly recommended. If you have opened malw
 are in a debugger before you will feel right at home here.\n\nYou will be 
 provided with detailed virtual machine setup instructions prior to the wor
 kshop. Please make sure to bring a laptop that meets the following require
 ments.\n\n- Your laptop must have VirtualBox or VMWare installed and worki
 ng prior to the start of the course.\n\n- Your laptop must have at least 6
 0GB of disk space free.\n\n- Your laptop must also be able to mount USB st
 orage devices. (Make sure you have the appropriate dongle if you need one.
 )\n\n\n\n\nSkill Level: Intermediate\n\nPrerequisites for students: Studen
 ts must be able to write basic Python scripts and have a basic understandi
 ng of the Windows operating system. Familiarity with Windows malware\, d
 ebugging\, and assembly would also be a significant benefit.\n\n\n\n\nMate
 rials or Equipment students will need to bring to participate: Students mu
 st bring a laptop capable of running a Windows virtual machine with the fo
 llowing configuration. Time will be given to troubleshoot lab setup issues
  but it is strongly recommended that students have the following setup pri
 or to the workshop.\n\n\n\n\n[Host Setup]\n\n- The laptop must have Virtua
 lBox or VMWare installed and working prior to class.\n\n- The laptop must 
 have at least 60GB of disk space free.\n\n- The laptop must be able to mou
 nt USB storage devices (ensure you have the appropriate dongle if you need
  one).\n\n\n\n\n[ VM Install ]\n\n- Download a free Windows 11 VM from Mic
 rosoft (https://developer.microsoft.com/en-us/windows/downloads/virtual-ma
 chines/)\n\n- You can also use a Windows VM of your choice (Windows 10 is 
 also ok)\n\n\n\n\n[ VM Install for Mac - Apple Silicon Only (M1\, M2)]\n\n
 - If you have a new Apple Silicon MacBook you are limited to running 
 an ARM Windows VM\n\n- ARM Windows VMs are suitable for the workshop and y
 ou can follow our installation guide on YouTube (https://youtu.be/0eR8yrDL
 V5M)\n\n\n\n\n[VM Setup]\n\n- Install x64dbg in your VM (https://x64dbg.co
 m/)\n\n- Install a free version of IDA in your VM (https://hex-rays.com/id
 a-free/)\n\n- Install a version of Python > 3.8.x in your VM (https://www.
 python.org/)\n\n\n\n\nBios:\n\nSergei is a co-founder of OpenAnalysis Inc.
  When he is not reverse engineering malware Sergei is focused on building 
 automation tools for malware analysis\, and producing tutorials for the OA
 LABS YouTube channel. With over a decade in the security industry Sergei h
 as extensive experience working at the intersection of incident response a
 nd threat intelligence.\n\n\n\n\nSean\, a co-founder of OpenAnalysis Inc.\
 , splits his time between reverse engineering\, tracking malware and build
 ing automated malware analysis systems. Sean brings over a decade of exper
 ience working in a number of incident response\, malware analysis and reve
 rse engineering roles.\n
URL:https://forum.defcon.org/node/246034
DTSTART:20230810T170000Z
DTEND:20230810T210001Z
LOCATION:Las Vegas\, NV\, DEF CON 31
END:VEVENT
END:VCALENDAR
