Short Version: Intro to Malware Analysis, 50/50 lectures to labs, labs will be CTF style challenges to improve skills

Long Version: As malicious software continues to thrive as an economy, the number of unique malicious samples in the wild increases. As such, the more malware analysts out there, the better. The goal of this course is to take you through the babby steps of malware analysis, such that if you were handed a sample you may be able to analyze it, determine its function and capabilities and suggest protections for it.

Malware analysis isn’t a classroom subject, you can’t learn it from reading a book or having someone lecture. The only way to learn it is to work through samples and gain a knowledge of the tools and tradecraft employed by malware authors. In order to maximize the amount of time you’ll be learning by digging through samples, this course will be a combination of lectures and labs, at about a 50/50 split. Lectures will focus on necessary materials to understand the topics, and labs will be CTF style challenges, targeted at improving certain skills and knowledge.

Requirements: Laptop with VMWare Fusion or Workstation installed

Course Takeaways: Basic knowledge of malware analysis and x86 malware Windows Analysis VM Printed Copy of Course Materials

Outlines (Subject to change based on students):

2 day course:

• Introduction
• Intro to Malware
  • Capabilities
  • Authors
  • Formats
• Triage
  • Static Tools
  • Lab
  • Dynamic Tools
  • Lab
• x86 Crash Course
  • Instructions
  • Functions/Calls/Stack
  • Intro to IDA
  • Lab
• Dynamic Analysis
  • Intro to IDA Debugger
  • Lab
• Windows Internals
  • Important APIs
  • Lab
• Final Lab

Bio:

Richard Wartell (@wartortell) is a reverse engineer and malware analyst who’s been digging in IDA Pro for 10+ years. He has a Phd in Computer Science with a focus on low level security. He also casts a mean ice punch and this isn’t even his final form.