by FreshWap.CC

FOR610 - Reverse-Engineering Malware - Malware Analysis Tools and Techniques

Video Courses

FOR610 - Reverse-Engineering Malware - Malware Analysis Tools and Techniques
FOR610 - Reverse-Engineering Malware - Malware Analysis Tools and Techniques
Anuj Soni | Duration: 30h 00m | Video: H264 1280x720 | Audio: AAC 32 kHz mono | 7,76 GB | Language: English
Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.
Understanding the capabilities of malware is critical to your ability to derive threat intelligence, respond to cybersecurity incidents, and fortify enterprise defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.

The course begins malware analysis essentials that let you go beyond the findings of automated analysis tools. You will learn how to set up a flexible laboratory to examine the inner workings of malicious software, and how to use the lab to uncover characteristics of real-world malware samples. You will also learn how to redirect and intercept network traffic in the lab to derive additional insights and indicators of compromise. You will also start mastering dynamic code analysis techniques with the help of a debugger.
The course continues by discussing essential assembly language concepts relevant to reverse engineering. You will learn to examine malicious code with the help of a disassembler and a decompiler to understand key capabilities and execution flow. In addition, you will learn to identify common malware characteristics by looking at suspicious Windows API patterns employed by malicious programs.
Next, you will dive the analysis of malicious Microsoft Office, RTF, and PDF document files, which are often used as part of the attack chain in mainstream and targeted attacks. You'll learn how to examine macros and other threats that such documents might pose. The course will also teach you how to deobfuscate malicious scripts in the form of jаvascript and PowerShell scripts. You'll also learn how to examine shellcode.
Malware is often obfuscated to hinder analysis efforts, so the course will equip you with the skills to unpack malicious Windows executables. You will learn how to dump such programs from memory or otherwise bypass the packer's protection with the help of a debugger and additional specialized tools. You will also learn how to examine malware that performs code injection and API hooking to to conceal its presence on the system or interfere with information flow.
FOR610 malware analysis training also teaches how to handle malicious software that attempts to safeguard itself from analysis. You will learn how to recognize and bypass common self-defensive measures, including "fileless" techniques, sandbox evasion, flow misdirection, debugger detection, and other anti-analysis measures.
The course culminates with a series of Capture-the-Flag challenges designed to reinforce the techniques learned in class and provide additional opportunities to learn practical, hands-on malware analysis skills in a fun setting.
Hands-on lab exercises are a critical aspect of this course. They enable you to apply malware analysis techniques by examining malicious software in a controlled and systemic manner. When performing the exercises, you will study the supplied specimens behavioral patterns and examine key portions of their code. To support these activities, you will receive pre-built Windows and Linux virtual machines that include tools for examining and interacting with malware.
In summary, FOR610 malware analysis training will teach you how to
* Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs
* Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment
* Uncover and analyze malicious jаvascript and other components of web pages, which are often used by exploit kits for drive-by attacks
* Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis
* Use a disassembler and a debugger to examine the inner workings of malicious Windows executables
* Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst
* Recognize and understand common assembly-level patterns in malicious code, such as code L injection, API hooking, and anti-analysis measures
* Assess the threat associated with malicious documents, such as PDF and Microsoft Office files
* Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts.

Links are Interchangeable - No Password - Single Extraction

Comments (0)

Users of Guests are not allowed to comment this publication.