SANS FOR710: Reverse-Engineering Malware: Advanced Code Analysis

As defenders strengthen their analysis skills and automated malware detection capabilities improve, malware authors step up their efforts to reach their goal. The result is malware that is more modular, with multiple layers of obfuscated code that executes in memory to reduce the likelihood of detection and hinder analysis. Malware analysts must be prepared to counter these advanced capabilities and, where possible, use automation to manage the volume, variety and complexity of the steady stream of malware targeting the enterprise. The FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques training course helps those who have attained intermediate-level malware analysis capabilities take their reversing skills to the next level. The SANS FOR710 course, authored by SANS Certified Instructor Anuj Soni, prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and keep incident response teams busy around the world.

Download links for the SANS FOR710: Reverse-Engineering Malware: Advanced Code Analysis course

Size: 14.7 GB

Download – eBooks PDF
Download – Video – Part 1
Download – Video – Part 2
Download – Video – Part 3
Download – USB – Part 1
Download – USB – Part 2
Download – USB – Part 3
Download – USB – Part 4
Download – USB – Part 5
Download – USB – Part 6
Download – USB – Part 7
Download – USB – Part 8
Download – USB – Part 9
Download – USB – Part 10
Download – USB – Part 11
Download – USB – Part 12
Download – USB – Part 13

Date: 2022
Price: $8,525 USD
Publisher: SANS
By: Anuj Soni
Format: eBook PDF + Video + Virtual Machine
Website: Link

What You Will Learn

As defenders hone their analysis skills and automated malware detection capabilities improve, malware authors have worked harder to achieve execution within the enterprise. The result is malware that is more modular with multiple layers of obfuscated code that executes in-memory to reduce the likelihood of detection and hinder analysis. Malware analysts must be prepared to tackle these advanced capabilities and use automation whenever possible to handle the volume, variety and complexity of the steady stream of malware targeting the enterprise.

FOR710: Advanced Code Analysis continues where FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques course leaves off, helping students who have already attained intermediate-level malware analysis capabilities take their reversing skills to the next level. Authored by SANS Certified Instructor Anuj Soni, this course prepares malware specialists to dissect sophisticated Windows executables, such as those that dominate the headlines and preoccupy incident response teams across the globe.

Developing deep reverse-engineering skills requires consistent practice. This course not only includes the necessary background and instructor-led walkthroughs, but also provides students with numerous opportunities to tackle real-world reverse-engineering scenarios during class.

“As malware gets more complicated, malware analysis has as well. In recent years, malware authors have accelerated their production of dangerous, undetected code using creative evasion techniques, robust algorithms, and iterative development to improve upon weaknesses. Proficient reverse engineers must perform in-depth code analysis and employ automation to peel back the layers of code, characterize high-risk functionality and extract obfuscated indicators.” – Anuj Soni

FOR710 Advanced Code Analysis Will Prepare You To:

  • Tackle code obfuscation techniques that hinder static code analysis, including the use of steganography.
  • Identify the key components of program execution to analyze multi-stage malware in memory.
  • Locate and extract deobfuscated shellcode during program execution.
  • Develop comfort with non-executable file formats during malware analysis.
  • Probe the structures and fields associated with a PE header.
  • Use WinDBG Preview for debugging and assessing key process data structures in memory.
  • Identify encryption algorithms in ransomware used for file encryption and key protection.
  • Recognize Windows APIs that facilitate encryption and articulate their purpose.
  • Investigate data obfuscation in malware, pinpoint algorithm implementations, and decode underlying content.
  • Create Python scripts to automate data extraction and decryption.
  • Build rules to identify functionality in malware.
  • Use Dynamic Binary Instrumentation (DBI) frameworks to automate common reverse engineering workflows.
  • Write Python scripts within Ghidra to expedite code analysis.
  • Use Binary Emulation frameworks to simulate code execution.

Course Topics:

  • Code deobfuscation
  • Program execution
  • Shellcode analysis
  • Steganography
  • Multi-stage malware
  • WinDbg Preview
  • Encryption algorithms
  • Data obfuscation
  • Python scripting for malware analysis
  • Dynamic Binary Instrumentation (DBI) Frameworks
  • Binary emulation frameworks
  • Payload and config extraction
  • Scripting with Ghidra
  • YARA rules
  • Yara-python
  • SMDA disassembler

What You Will Receive With This Course:

  • Windows 10 VM with pre-installed malware analysis and reversing tools.
  • Real-world malware samples to examine during and after class.
  • Coursebooks and workbook with detailed step-by-step exercise instruction.

Syllabus

FOR710.1: Code Deobfuscation and Execution
FOR710.2: Encryption in Malware
FOR710.3: Automating Malware Analysis
FOR710.4: Automating Malware Analysis (Continued)
FOR710.5: Advanced Malware Analysis Tournament (Extended Access)

2 Comments
  1. farbod says

    Thank you very much. Please also update the 610 course, which is the prerequisite for this one; the one that is available is from 2017.

    1. technet24 says

      Hello, the SANS FOR610 version has been updated.
