Designed for experienced malware analysts, this course focuses on advanced topics related to combating a wider variety of more complex malware and malware defense mechanisms. It covers how to combat anti-disassembly, anti-debugging and anti-virtual machine techniques. It also discusses how to defeat packed and armored executables, analyze encryption and encoding algorithms and defeat various obfuscation techniques. Additional topics include malware stealth techniques (process injection and rootkit technology), analyses of samples written in alternate programming languages (C++) and popular software frameworks (.NET).
After completing this course, learners should be able to: • Understand how malware hides its execution, including process injection, process replacement and user-space rootkits • Grasp how shellcode works, including position independence, symbol resolution and decoders • Comprehend the inner workings and limitations of disassemblers such as IDA Pro as well as how to circumvent the anti-disassembly mechanisms that malware authors use to thwart analysis • Automate IDA Pro using Python and IDC to help analyze malware more efficiently • Understand how to combat anti-debugging, including bypassing timing checks, Windows debugger detection and debugger vulnerabilities • Fool malware so it cannot detect what is running in your safe environment • Understand how malware analysis is influenced by C++ concepts like inheritance, polymorphism and objects