• Online, Instructor-Led
  • Online, Self-Paced
Course Description

Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics, and incident response. With adversaries growing more sophisticated and carrying out advanced malware attacks on critical infrastructure, data centers, and private and public organizations, it is essential for cyber-security professionals to have the skills to detect, respond to, and investigate such intrusions. Malware analysis and memory forensics have become must-have skills for fighting advanced malware, targeted attacks, and security breaches. This hands-on training teaches the concepts, tools, and techniques needed to analyze, investigate, and hunt malware by combining two powerful disciplines: malware analysis and memory forensics. After taking this course, attendees will be better equipped to analyze, investigate, and respond to malware-related incidents.

This course introduces attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics, then progresses gradually into more advanced concepts in both malware analysis and memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis. To keep the training fully practical, each module is followed by scenario-based hands-on labs that involve analyzing real-world malware samples and investigating malware-infected memory images (crimeware, APT malware, fileless malware, rootkits, etc.). The training is designed to help attendees gain a solid understanding of the subject in a short span of time. Throughout the course, attendees will learn the latest techniques adversaries use to compromise and persist on a system, including the code injection, hooking, and rootkit techniques they use to evade forensic tools and security products. Attendees will also learn how to integrate malware analysis and memory forensics techniques into a custom sandbox to automate the analysis of malicious code.

Learning Objectives

How malware and Windows internals work
How to create a safe and isolated lab environment for malware analysis
Tools and techniques to perform malware analysis
How to perform static analysis to determine the metadata associated with malware
How to perform dynamic analysis of the malware to determine its interaction with process, file system, registry, and network
How to perform code analysis to determine the malware functionality
How to debug malware using tools like IDA Pro and x64dbg
How to analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors, etc.
Understanding the various persistence techniques used by attackers
Understanding the different code injection techniques used to bypass security products
What memory forensics is and how it is used in malware and digital investigations
How to acquire a memory image from suspect or infected systems
How to use the open-source advanced memory forensics framework Volatility
Understanding the techniques malware uses to hide from live forensic tools
Understanding the techniques used by rootkits (code injection, hooking, etc.)
Investigative steps for detecting stealthy and advanced malware
How memory forensics helps in malware analysis and reverse engineering
How to incorporate malware analysis and memory forensics into a sandbox
How to determine network- and host-based indicators of compromise (IOCs)
Techniques to hunt malware

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):