Malware Analysis

Introduction

This course will give you a thorough understanding of various types of malware including viruses, worms, backdoors, and malicious mobile code. You will also learn how to identify malware and analyze it in a lab environment using static and dynamic methods. An overview will be provided on the disassembling and reverse-engineering aspect.

Who should attend?

Incident Response and Forensic Analysts, security professionals responsible for protecting organizations from malware attacks or any other network / system administrators keen on knowing the details of malware.

Duration

2 Days

Topics Covered

Introduction to Malware

1. About malware
2. Types of malware
3. What malware can do

Viruses and Worms

1. History of viruses
2. Types of viruses - boot/file infectors, multipartite, macro, stealth, polymorphic and others
3. Types of worms - file sharing, smtp, multiexploit, multiplatform
4. Differences in viruses and worms

Backdoors, Trojans and Rootkits

1. Types of backdoors - CLI access, GUI access, command execution
2. Demonstration using NetCat
3. ICMP Backdoors
4. Types of Rootkits - User-mode, Kernel-mode
5. Rootkits on Windows & Linux

Bots and Botnets

1. Introduction to bots and botnets
2. Uses of botnets - DdoS, spamming, advertising, spying
3. Types of botnets - Agobot, SDbot, mIRC bots etc.

Mobile Malware

1. Client-side scripts
2. ActiveX / Java applets

Buffer Overflows and Shellcodes

Identifying and Defending against Malware

1. Scanning - signatures, heuristics
2. Online Anti-virus
3. Personal firewalls
4. Patching and secure configuration
5. User education

Malware Analysis

1. Building a lab for malware analysis
2. Static analysis - strings, script analysis, disassembling
3. Runtime analysis - Monitoring access to files, registry or disk, monitoring processes, monitoring network activity, looking for listening ports, debugging
4. Analyzing network traffic to identify malicious communication
5. Understanding covert channels
6. Tracking botnets