Introduction to Malware Analysis

This segment is intended for security professionals who are new to the field, and for those working in a Security Operations Center or response operations environment who want to sharpen their skills or move their career toward malware analysis. Although the focus is on the different types of malware, we start with some basic attacks, move on to phishing, and only then reach malware itself. From that point we discuss the analysis of the different malware types.

The text-based course is broken down as follows. First we discuss environment criticality, ranked by user and then by data. From there we pivot to phishing: phishing scams and their types, and which markers, information and data within a message are critical for reporting and blocking. After that we cover the various types of malware on Windows, setting up a testing environment, and understanding VBS, JavaScript, compiled malware and exploits through both static and dynamic analysis. We also showcase tools, applications and scripts we have built to help along the way, and cover OS X / macOS and Linux.

The list below gives a bird's-eye overview of the topics taught.


Topics Discussed

  • Data & System Criticality

    Helps you understand the types of systems, users and data in your environment. This portion establishes which systems and users rank highest for remediation. Without understanding your environment, or the assets your organization is protecting, you will waste time and resources on systems that do not need such a granular investigative effort. Creating or understanding a criticality ranking will not only lower costs, it will also limit the fatigue that comes from treating every investigation as high importance. This topic also covers commodity malware versus newly detected malware that may be specific to your organization, to organizations like yours, or designed solely for your environment.

  • Phishing

    One of the biggest threats to an organization is a well-placed phishing attempt, whether it comes from a compromised vendor, an outside source or a simple "Dear John" style message. In these examples you will learn how to spot phishing campaigns, dissect them, and obtain potential source code, compressed files or other supporting evidence that helps you write a more in-depth report. You will also learn how to use tools created for this specific purpose and search more efficiently. Within phishing (as well as some of the malware examples) you will learn how to launch an effective OSINT search and use Google to your advantage. From the information gained you will also learn how to pivot from your findings to search your organization for anyone who engaged with the threat, to help limit exposure.

  • Malware Analysis

    In this section you will learn a number of tools from the Windows, Linux and macOS perspectives. You will also learn how to use different operating systems and their respective command-line utilities to investigate malware statically. Some of the tools you will learn to use include, but are not limited to: binwalk, hexedit, strings, head, file, mount, find, lsof and others. You will learn to identify files with unknown extensions, extract ISO, IMG and DMG files across operating systems, and use commercial tools for dynamic and static analysis. We also cover tools that help you collect where files have been written, modified, copied or deleted, and where malware may have set up persistence. In addition you will learn how to decode obfuscated VBS, JS and PHP code, combined with tools we have developed for tracking malware on your OS of choice or the OS it is being run on. Students will also learn how to use tcpdump, Wireshark and other network packet capture tools to aid in IOC collection.

  • Classification & Identification

    Finally, we help you establish tools and protections for your organization. In this segment we discuss how you can use tools like YARA and SQL databases to find and quickly sift through IOCs that were seen before or are similar in nature. From this, we also demonstrate how to forecast effectively so that phishing and malware attempts are spotted before they become a problem. We then discuss SIEM tools, how to search your environment for engagements, and how some forms of threat hunting help limit the risk.
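The phishing topic above talks about spotting the markers in a message that matter for reporting and blocking. The following is an added example, not code from the course or its authors, that pulls those markers out of a raw message with Python's standard library: the From and Reply-To domains, the earliest Received hop, the SPF verdict recorded by the receiving MX, HTML links whose visible text disagrees with the real href, and any attachments. The message, hosts and addresses are constructed for the example and use reserved documentation ranges and `.example`/`.test` names; the `dissect` function and its findings keys are this example's own.

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for this example (not a real campaign). It carries
# three common markers: a Reply-To domain that differs from From, an SPF
# failure recorded by the receiving MX, and an HTML link whose visible text
# names a trusted host while the real href points at a bare IP.
SAMPLE_EML = b"""\
Received: from mx1.example-corp.test (mx1.example-corp.test [203.0.113.10])
        by mail.example-corp.test with ESMTP id abc123
Received: from unknown (HELO relay.badhost.example) ([198.51.100.7])
        by mx1.example-corp.test with SMTP
Authentication-Results: mx1.example-corp.test; spf=fail smtp.mailfrom=payroll-notice.example
From: "Payroll" <payroll@payroll-notice.example>
Reply-To: collect@mailbox-free.example
To: jane.doe@example-corp.test
Subject: Updated payslip - action required
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your payslip is ready.</p>
<a href="http://198.51.100.7/login/payroll.php">https://hr.example-corp.test/payslip</a>
</body></html>
--B1
Content-Type: application/zip; name="payslip.zip"
Content-Disposition: attachment; filename="payslip.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--B1--
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(header_value):
    """Domain part of an address header such as 'Name <user@host>'."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def _host(url):
    return (urlparse(url).hostname or "").lower()


def dissect(raw_bytes):
    """Return a dict of phishing markers found in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    f = {"from_domain": domain_of(msg["From"]),
         "reply_to_domain": domain_of(msg["Reply-To"])}
    f["reply_to_mismatch"] = bool(f["reply_to_domain"]) and f["reply_to_domain"] != f["from_domain"]

    # Each MTA prepends its own Received header, so the last one is the
    # earliest hop we can see; that is where the message entered our view.
    received = msg.get_all("Received") or []
    m = re.search(r"\bfrom\s+(.+?)\s+by\b", str(received[-1]), re.S) if received else None
    f["origin_hop"] = m.group(1) if m else None
    f["spf_fail"] = "spf=fail" in str(msg.get("Authentication-Results", "")).lower()

    links, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            attachments.append((part.get_filename(), part.get_content_type(), len(payload)))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            links.extend(collector.links)
    f["links"] = links
    # Visible text that looks like a URL but names a different host than the
    # real href is the classic "look-alike link" marker.
    f["deceptive_links"] = [(href, text) for href, text in links
                            if text.lower().startswith("http") and _host(text) != _host(href)]
    f["attachments"] = attachments
    return f


if __name__ == "__main__":
    for key, value in dissect(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The findings are the fields you would put in a report or feed to blocking: the origin hop and `From` domain for mail-gateway rules, the real href hosts for proxy or DNS blocks, and the attachment name and type for endpoint searches.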
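The malware analysis topic above lists `file` among the tools for identifying files with unknown (or misleading) extensions and for handling ISO, IMG and DMG images. The following is an added example, not code from the course, that shows in Python what `file` does underneath: match magic bytes at fixed offsets and trust the content over the name. It includes the two cases that trip up a naive "check the first bytes" approach, an ISO 9660 volume descriptor at byte 0x8001 and a DMG recognised only by the `koly` trailer in its last 512 bytes. The signature table, extension map and sample bytes are constructed for the example; `.img` is deliberately absent from the extension map because raw disk images have no fixed magic.

```python
import os

# (label, offset, magic). Most magics sit at offset 0. ISO 9660 keeps its
# primary volume descriptor at sector 16 (2048-byte sectors), so "CD001"
# is at byte 0x8001. A DMG is identified by the "koly" trailer in its last
# 512 bytes and is handled separately in identify().
SIGNATURES = [
    ("PE executable (MZ header)", 0, b"MZ"),
    ("ELF executable", 0, b"\x7fELF"),
    ("Mach-O 64-bit executable", 0, b"\xcf\xfa\xed\xfe"),  # 0xfeedfacf, little-endian
    ("Mach-O 32-bit executable", 0, b"\xce\xfa\xed\xfe"),  # 0xfeedface
    ("Mach-O universal binary", 0, b"\xca\xfe\xba\xbe"),   # Java .class files share this
    ("ZIP container (zip/docx/xlsx/jar/apk)", 0, b"PK\x03\x04"),
    ("OLE2 compound document (doc/xls/msi)", 0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("PDF document", 0, b"%PDF-"),
    ("gzip compressed data", 0, b"\x1f\x8b"),
    ("RAR archive", 0, b"Rar!\x1a\x07"),
    ("ISO 9660 image", 0x8001, b"CD001"),
]
HEAD_BYTES = 0x8001 + 5   # enough to reach the ISO descriptor
TAIL_BYTES = 512          # the DMG koly trailer

# What an extension promises; the label from identify() must start with this.
EXPECTED = {
    ".exe": "PE", ".dll": "PE", ".scr": "PE", ".sys": "PE",
    ".pdf": "PDF", ".zip": "ZIP", ".docx": "ZIP", ".xlsx": "ZIP", ".jar": "ZIP",
    ".doc": "OLE2", ".xls": "OLE2", ".msi": "OLE2",
    ".iso": "ISO 9660", ".dmg": "Apple DMG", ".gz": "gzip",
}


def identify(head, tail=b""):
    """Classify a file from its first HEAD_BYTES and its last TAIL_BYTES."""
    for label, offset, magic in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label
    if len(tail) >= TAIL_BYTES and tail[-TAIL_BYTES:-TAIL_BYTES + 4] == b"koly":
        return "Apple DMG (koly trailer)"
    return "unknown / data"


def identify_bytes(data):
    return identify(data[:HEAD_BYTES], data[-TAIL_BYTES:])


def identify_file(path):
    """Read only the head and tail so large images are not loaded whole."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
        fh.seek(max(0, size - TAIL_BYTES))
        tail = fh.read(TAIL_BYTES)
    return identify(head, tail)


def extension_mismatch(filename, data):
    """True when the extension promises a type the content does not have."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXPECTED:
        return False  # nothing promised, so nothing to contradict
    return not identify_bytes(data).startswith(EXPECTED[ext])


# Constructed samples: minimal headers only, not real files or malware.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,          # PE wearing a .pdf name
    "update.iso": b"\x00" * 0x8001 + b"CD001\x01" + b"\x00" * 2042,       # descriptor at 0x8001
    "installer.dmg": b"\x00" * 100 + b"koly" + b"\x00" * 508,             # trailer-only signature
    "report.docx": b"PK\x03\x04\x14\x00" + b"\x00" * 26,                  # zip container, as expected
}


def report(samples):
    """(name, detected type, extension mismatch?) for each sample."""
    return [(name, identify_bytes(data), extension_mismatch(name, data))
            for name, data in samples.items()]


if __name__ == "__main__":
    for row in report(SAMPLES):
        print("%-15s %-40s mismatch=%s" % row)
```

On a real box, run `file` first; this example exists to make clear why the name of an attachment is not evidence of anything, and why an image format can only be recognised by reading past the first sector.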
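The classification topic above mentions using a SQL database to sift through IOCs that were seen before or are similar in nature. The following is an added example, not the course's tooling, that keeps IOCs in SQLite and answers that question for a batch of newly observed indicators: an exact hit is "known", a network indicator sharing a registered domain with a stored one is "similar", and everything else is "new". The campaigns, domains and dates are constructed for the example; the hash is of a constructed byte string, not of malware; and `registered_domain` uses a last-two-labels simplification that is stated as an assumption in the code.

```python
import hashlib
import ipaddress
import sqlite3
from urllib.parse import urlparse

# Constructed sample intelligence for this example (hypothetical campaigns).
SAMPLE_HASH = hashlib.sha256(b"constructed sample payload for the example").hexdigest()
SAMPLE_IOCS = [
    # (type, value, campaign, first_seen)
    ("domain", "login.payroll-notice.example", "PayrollLure-2023-Q1", "2023-02-14"),
    ("url", "http://198.51.100.7/login/payroll.php", "PayrollLure-2023-Q1", "2023-02-14"),
    ("sha256", SAMPLE_HASH, "PayrollLure-2023-Q1", "2023-02-15"),
    ("domain", "cdn.mailbox-free.example", "InvoiceDrop-2023-Q2", "2023-05-02"),
]


def host_of(ioc_type, value):
    """Host part for network IOCs; None for hashes and other types."""
    if ioc_type == "domain":
        return value.lower().strip(".")
    if ioc_type == "url":
        return (urlparse(value).hostname or "").lower() or None
    return None


def registered_domain(host):
    """Collapse a host to the domain the attacker registered.

    Assumption/simplification: last two labels. Production code should use
    the Public Suffix List so 'x.example.co.uk' is not collapsed to 'co.uk'.
    IP literals are returned unchanged so they never collide with each other.
    """
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return ".".join(host.split(".")[-2:])


def build_db(rows):
    """In-memory IOC store; swap ':memory:' for a path to persist it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE iocs (
        type TEXT NOT NULL, value TEXT NOT NULL, host TEXT, reg_domain TEXT,
        campaign TEXT NOT NULL, first_seen TEXT NOT NULL,
        UNIQUE (type, value, campaign))""")
    conn.execute("CREATE INDEX iocs_reg_domain ON iocs (reg_domain)")
    for ioc_type, value, campaign, first_seen in rows:
        host = host_of(ioc_type, value)
        # Parameterised statements throughout: IOC values are attacker-chosen
        # strings and must never be pasted into SQL text.
        conn.execute("INSERT OR IGNORE INTO iocs VALUES (?, ?, ?, ?, ?, ?)",
                     (ioc_type, value, host,
                      registered_domain(host) if host else None, campaign, first_seen))
    conn.commit()
    return conn


def classify(conn, ioc_type, value):
    """('known' | 'similar' | 'new', sorted list of matching campaigns)."""
    exact = conn.execute(
        "SELECT DISTINCT campaign FROM iocs WHERE type = ? AND value = ?",
        (ioc_type, value)).fetchall()
    if exact:
        return "known", sorted(c for (c,) in exact)
    host = host_of(ioc_type, value)
    if host:
        similar = conn.execute(
            "SELECT DISTINCT campaign FROM iocs WHERE reg_domain = ?",
            (registered_domain(host),)).fetchall()
        if similar:
            return "similar", sorted(c for (c,) in similar)
    return "new", []


def triage(conn, observed):
    """Classify a batch of (type, value) pairs pulled from a new investigation."""
    return [(t, v, *classify(conn, t, v)) for t, v in observed]


if __name__ == "__main__":
    db = build_db(SAMPLE_IOCS)
    batch = [("domain", "payroll-notice.example"),
             ("url", "https://mailbox-free.example/inv.php"),
             ("sha256", SAMPLE_HASH),
             ("domain", "unrelated.example")]
    for row in triage(db, batch):
        print(row)
```

The "similar" verdict is what turns a one-off phishing report into forecasting: a fresh subdomain or new path on infrastructure you have already attributed to a campaign is a reason to block and hunt before any user clicks, not after.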
