The objective of this training program is to introduce participants with basic knowledge of programming, debugging and x86 assembly language to the art of Software Reverse Engineering and Malware Analysis. Various use-cases for Reverse Engineering and Malware Analysis along with live examples will be demonstrated during the session in order to impart a practical and result oriented training to the participants. The entire session will focus only on Win32 Platform however most of the techniques discussed are applicable for Win64 platform as well and some of them even for Linux or other Operating System platforms. Multiple CTF like challenges will be provided during the workshop in order to encourage the participants to try out various tools and techniques discussed during the session.
-
Introduction to Windows Platform
- Platform Overview
- Process Tracing and Analysis (Sysinternals Suite)
- Debugging Tools for Windows
- API Hooking
-
Portable Executable (PE) File Format
- PE File Format Internals
- PE Loader Process
-
Introduction to x86 Assembly Language
- Overview of x86 Architecture & Instruction Set
- Program Disassembly and Analysis
- Static Analysis using IDA Pro
-
Introduction to Malware Analysis
- Malware Behaviour and Classification
- Using Online Malware Analysis Services
- Dynamic Analysis of Malware Behaviour
- Building Malware Analysis Sandbox
-
Advanced Malware Analysis
- Introduction to Packers and Crypters
- Manual Unpacking of Malware
- Process Injection Techniques and Analysis
- Malware Anti-analysis Techniques and Evasion
-
Malware Analysis using Memory Forensics
- Live Memory Acquisition Tools and Techniques
- Memory Image Analysis using Volatility
- Kernel Rootkit Analysis using Volatility