Malware Analysis

Creating and Maintaining your Detonation Environment

1. MA – Setting up VirtualBox with Windows 10
2. MA – Installing the FLARE VM package
3. MA – Isolating your environment
4. MA – Maintenance and snapshotting

Static Analysis – Techniques and Tooling

1. MA – The basics – hashing
2. MA – Avoiding rediscovery of the wheel
3. MA – Getting fuzzy
4. MA – Picking up the pieces

Dynamic Analysis – Techniques and Tooling

1. MA – Detonating your malware
2. MA – Discovering enumeration by the enemy
3. MA – Case study – Dharma
4. MA – Discovering persistence mechanisms
5. MA – Using PowerShell for triage
6. MA – Persistence identification
7. MA – Checking user logons
8. MA – Locating secondary stages
9. MA – Examining NTFS (NT File System) alternate data streams

A Word on Automated Sandboxing

1. MA – Using HybridAnalysis
2. MA – Using Any.Run
3. MA – Installing and using Cuckoo Sandbox
4. MA – Shortcomings of automated analysis tools

Advanced Static Analysis – Out of the White Noise

1. MA – Dissecting the PE file format
2. MA – Examining packed files and packers
3. MA – Utilizing NSA’s Ghidra for static analysis

Advanced Dynamic Analysis – Looking at Explosions

1. MA – Monitoring malicious processes
2. MA – Network-based deception
3. MA – Hiding in plain sight
4. MA – Case study – TrickBot

Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill

1. MA – Leveraging API calls to understand malicious capabilities
2. MA – Identifying anti-analysis techniques
3. MA – Tackling packed samples

De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube

1. MA – Identifying obfuscation techniques
2. MA – Deobfuscating malicious VBS scripts
3. MA – Deobfuscating malicious PowerShell scripts
4. MA – A word on obfuscation and de-obfuscation tools

The Reverse Card: Weaponizing IOCs and OSINT for Defense

1. MA – Hashing prevention
2. MA – Behavioral prevention
3. MA – Network IOCs – blocking at the perimeter
4. MA – Common tooling for IOC-based blocking

Malicious Functionality: Mapping Your Sample to MITRE ATT&CK

1. MA – Understanding MITRE’s ATT&CK framework
2. MA – Case study: Andromeda
3. MA – Utilizing MITRE ATT&CK for C-level reporting

Enrolled: 0 students
Lectures: 42

Price: Free