Malware Analysis Workshop

Presented at BalCCon2k22 - Loading (2022), Sept. 25, 2022, 1:40 p.m. (120 minutes)

This workshop has four short modules. The first covers the very basics of lab setup: sourcing malware samples, handling malware samples, and tools for basic analysis. The tools you will learn across the workshop are Binary Ninja for disassembly and decompilation, x64dbg for debugging, and Burp Suite for traffic interception and analysis. During the second module you will learn how to unpack a Windows executable manually using a debugger. In the third module you will learn techniques for analyzing shellcode. Finally, in the fourth module, you will learn how to capture network traffic from the HTTPS-encrypted command and control communications of real malware.

According to Fortune magazine, "the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million ... in five years, the same number of jobs will still be open."

Many people have asked me over the years: "How do I start with malware analysis and reverse engineering?" My goal here is first and foremost to answer this question, and secondly to make the process fun and interesting. This malware analysis workshop will be fast paced and should leave you hungry for more.

Attendees will need to have a computer with a working Wi-Fi network connection and a fully updated Chrome or Firefox browser. No malware samples will be on your laptop at any time during the workshop.

Presenters:

  • Robert Simmons
    Robert Simmons is an independent malware researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others.