BSidesSLC 2017 has ended
Here’s the schedule for this year. Registering here does not count. You MUST register to attend any of these. You may register here: https://www.bsidesslc.org/registration.html

You cannot manually add workshops to your schedule. You need to go register for them at https://www.bsidesslc.org/signup.html, and then the workshop will be added to your schedule.
Friday, March 10 • 10:00am - 12:00pm
Introduction to Malware Analysis Part 1 REGISTER FIRST

https://www.bsidesslc.org/signup.html

This workshop will not be for grizzled malware analysts. It is intended for those who are new to malware analysis or have very limited exposure to it. I will cover everything you need to start analyzing malware without learning how to reverse engineer binaries: setting up a safe sandbox environment, detonating samples, identifying malware families, collecting IOCs, and gathering as much information as you can about a sample that you may come across.
Current Working Outline:
  • Types of malware commonly seen today
    • Web based
      • Malicious websites that point to Exploit Kits
      • iframes
      • javascript
      • java/flash objects
    • File based
      • Binary executables
      • Microsoft Office Documents
      • Visual Basic Scripts
      • javascript files
      • wsf files
  • Setting up a Sandbox Environment
    • Setting up VPN access for your sandbox
    • Installing and using tools for dynamic analysis
    • Staying safe
      • Handling of samples
  • Routing all VPN access through VPN
  • VM Snapshots
  • Static analysis of samples
    • Strings
    • Script extraction
    • Script obfuscation
  • Dynamic Analysis
    • Watching behavior of sample detonation
      • Process Hacker 2
      • Child Process Spawning
      • Process Migration
  • Process Memory Dumping
    • Strings
    • Fiddler 2
    • HTTPS inspection
    • Wireshark
    • RegShot
  • Malware family identification
    • Understanding family behaviors
    • Memory Dump
    • Strings in memory
    • Volatility
    • C2 communication methods
  • Tying it all together
  • Building IOCs from all the information we gathered from our analysis
  • If there is time, a peek into Cuckoo, automated Dynamic Analysis


ISOs/Software needed:

  • OSX or Linux Host OS (can probably use BSD too but ¯\_(ツ)_/¯  ). Feel free to bring Windows if you are feeling brave and able to troubleshoot yourself
  • VPN client on host OS with access to burnable public IP
  • Desktop Virtualization Software (I will be using VirtualBox)
  • Windows 7 32 bit Installation inside said Virtualization Software 
  • OfficeMalScanner
  • Process Hacker 2
  • Fiddler 2
  • Wireshark
  • HideToolz
  • RegShot

Speakers
Danny Howerton

Danny is an SLC local with previous experience in Network Security Administration, IDS/AppID signature writing, and pentesting, and is now a Threat Analyst at Proofpoint, responsible for tracking malware trends, campaigns, and actors. He has presented at a whole bundle of conferences...


Friday March 10, 2017 10:00am - 12:00pm MST
Workshop 2 Salt Palace Convention Center