A Crash Course In Deep Dive Malware Analysis

Presented at BSidesDC 2019, Oct. 26, 2019, 8:30 a.m. (510 minutes).

Deep dive malware analysis is primarily a static approach, using limited debugging for targeted purposes. The approach can provide every last detail or be used to quickly identify IOC’s and Yara rules, but the method is often shrouded in mystery. It can take years to develop and most analysts don’t have the time to fumble around trying to build this advanced skill. Save yourself countless hours and guesswork and get an up-close view of the approach. This lab based workshop will guide you through the deep dive process using Ghidra to analyze a malicious RAT from start to finish. You’ll learn how to triage a function, judge what to analyze and what to skip, verify the full C2 network protocol using Python, and much more. See the benefits and learn how you can practice this approach in your own job to dramatically elevate your RE skill level. Student Requirements: - Participants need to be proficient in reading and debugging x86 assembly code and have a basic understanding of programming in python for this advanced class - Students must bring a 64 bit laptop with: * VirtualBox or VMWare installed * 25GB of free disk space to install a provided windows analysis VM * 6GB of RAM to dedicate to the provided windows VM * 1 USB slot * An internet connection to activate the provided windows VM

Presenters:

  • Adam Gilbert - Founder at AGDC Services
    Adam Gilbert is an avid security researcher and founder of <em>AGDC Services</em>, a boutique computer security firm. He has over a decade of information security experience and specializes in complex malware analysis and training. Adam has a M.S. in Electrical and Computer Engineering but his knowledge isn’t academic, it comes from digging deep into malware to understand every aspect. Translating complex malware techniques into understandable concepts to increase fellow security practitioners skills is a truly rewarding experience that Adam is passionate about.

Links:

Similar Presentations: