BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:20edb3b6-1518-4b4c-86e8-02d95507c564 DTSTAMP:20260425T140117Z SUMMARY:Max Kersten - DotNet Malware Analysis Masterclass DESCRIPTION:Title: Max Kersten - DotNet Malware Analysis Masterclass\n\nSch eduled Date and Time (Pacific Standard): Thursday\, August 10\, 2023\, at 1400 PDT\n\nEventBrite Link: https://www.eventbrite.com/e/max-kersten-dotn et-malware-analysis-masterclass-tickets-668365999697?aff=oddtdtcreator\n\n Max Class Size: 35\n\n\n\n\nAbstract:\n\nDotNet based malware originally s tarted out as a novelty\, but has shown it is here to stay. With DotNet ma lware being used by APT actors and script kiddies\, and anything in-betwee n\, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fund amental knowledge\, including topics such as loaders\, unpacking\, obfusca tion\, DotNet internals\, and (un)managed hooks. In short\, one will learn how to analyse DotNet malware\, and write automatic unpackers. As such\, this class is perfect for aspiring and beginning analysts\, while also pro viding background information and additional techniques for intermediate a nalysts.\n\nThe workshop’s materials will partially consist of actual ma lware samples\, the precautions for which will be explained in-detail duri ng the workshop\, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled VM based Windows 10 trial\, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools\, such as dnSpyE x\, de4dot\, and DotDumper\, can be downloaded during the workshop\, as th ese are insignificant in size.\n\nKnowing how to read VB.NET/C# is a prere quisite. Being able to write in C# is preferred\, but the workshop can be followed without being able to\, although a part of the exercises cannot b e completed without it.\n\nQuestions about the workshop can be asked via m y open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)\n\n\n \n\nSkill Level: Beginner to Intermediate\n\nPrerequisites for students:\n \n- Have sufficient disk space and RAM to run one Windows 10 VM\, along wi th a few gigabyte additional extra space\n\n- Be able to understand VB.NET /C# and preferably (though not mandatory) be able to write in either of th ose languages\n\n- Be able to run a Windows 10 VM\n\n- Have a Windows 10 V M preinstalled in a virtual environment of choice (i.e.\, VirtualBox\, VMW are)\n\n- Have Visual Studio (2019 or later) installed\, along with the Do tNet Framework 3.5 and higher\n\n- Analysis tools will be provided (i.e. o pen-source tools such as dnSpyEx) as their file size is minimal\n\n- Malwa re samples and exercises will be provided on-location\n\n\n\n\nMaterials o r Equipment students will need to bring to participate: A laptop capable o f running one Windows 10 VM\, with the above-mentioned programs installed\ , and sufficient free disk space\n\n\n\n\nBio:\n\nMax Kersten is a malware analyst\, blogger\, and speaker who aims to make malware analysis more ap proachable for those who are starting. In 2019\, Max graduated cum laude w ith a bachelor's in IT & Cyber Security\, during which Max also worked as an Android malware analyst. Currently\, Max works as a malware analyst at Trellix\, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years\, Max spoke at international c onferences\, such as Black Hat Arsenal (USA\, EU\, MEA\, Asia)\, Botconf\, Confidence-Conference\, HackYeahPL\, and HackFestCA. Additionally\, he ga ve guest lectures and workshops for several universities and private entit ies.\n\n\n\n​ URL:https://forum.defcon.org/node/246044 DTSTART:20230810T220000Z DTEND:20230811T020001Z LOCATION:Las Vegas\, NV\, DEF CON 31 END:VEVENT END:VCALENDAR