This workshop is not for grizzled malware analysts. It is intended for those who are new to malware analysis or have very limited exposure to it. I will cover everything you need to


Presented at BSidesSLC 2017 by

Current Working Outline:

- Types of malware commonly seen today
  - Web based
    - Malicious websites that point to Exploit Kits
    - iframes
    - javascript
    - java/flash objects
  - File based
    - Binary executables
    - Microsoft Office Documents
    - Visual Basic Scripts
    - javascript files
    - wsf files
- Setting up a Sandbox Environment
  - Setting up VPN access for your sandbox
  - Installing and using tools for dynamic analysis
  - Staying safe
    - Handling of samples
    - Routing all VPN access through VPN VM
    - Snapshots
- Static analysis of samples
  - Strings
  - Script extraction
  - Script obfuscation
- Dynamic Analysis
  - Watching behavior of sample detonation
  - Process Hacker 2
    - Child Process Spawning
    - Process Migration
    - Process Memory Dumping
    - Strings
  - Fiddler 2
    - HTTPS inspection
  - Wireshark
  - RegShot
- Malware family identification
  - Understanding family behaviors
  - Memory Dump
    - Strings in memory
    - Volatility
  - C2 communication methods
- Tying it all together
  - Building IOCs from all the information we gathered from our analysis
  - If there is time, a peek into Cuckoo, automated Dynamic Analysis

ISOs/Software needed:

- OSX or Linux Host OS (can probably use BSD too but ¯\_(ツ)_/¯ ). Feel free to bring Windows if you are feeling brave and able to troubleshoot yourself
- VPN client on host OS with access to burnable public IP
- Desktop Virtualization Software (I will be using VirtualBox)
- Windows 7 32 bit Installation inside said Virtualization Software
- OfficeMalScanner
- Process Hacker 2
- Fiddler 2
- Wireshark
- HideToolz
- RegShot
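The outline lists strings extraction (from the file and from a process memory dump) and building IOCs as separate steps. As an added example that is not part of the workshop material, the following Python script ties those steps together: it pulls ASCII and UTF-16LE (wide) strings out of a binary blob, the way a `strings` pass over a sample or a dumped process would, and then sorts them into IOC categories. The sample bytes are constructed for the example and are not a real malware sample; the regexes, category names and the `MIN_LEN` threshold are the example's own choices.

```python
import re
from typing import Dict, List

# Constructed sample (not real malware): an MZ-like header, an ASCII URL,
# a UTF-16LE file path, an IPv4 address and a command line, separated by
# non-printable junk bytes so the string runs are broken up realistically.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"http://example.test/gate.php\x00"
    + b"\x01\x02\x03"
    + "C:\\Users\\Public\\svchost32.exe".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
    + b"10.0.0.5\x00"
    + b"cmd.exe /c powershell -enc AAAA\x00"
    + b"\x7f\x7f\x7f"
)

# Minimum run length, same default as the classic `strings` tool.
MIN_LEN = 4


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return printable ASCII runs and UTF-16LE (wide) runs of at least min_len chars.

    Windows binaries and scripts often keep paths, URLs and registry keys as
    wide strings, so a plain ASCII pass would miss them.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # A wide char is a printable ASCII byte followed by a NUL byte.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


# Hypothetical IOC categories chosen for this example.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[^\s\"']*)?"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]+"),
    "exec_cmd": re.compile(r"\b(?:cmd\.exe|powershell)\b[^\x00]*", re.IGNORECASE),
}


def _valid_ipv4(candidate: str) -> bool:
    """Reject dotted quads with an octet above 255 (e.g. version strings)."""
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def build_iocs(strings: List[str]) -> Dict[str, List[str]]:
    """Classify extracted strings into IOC buckets, de-duplicated, in order found."""
    iocs: Dict[str, List[str]] = {name: [] for name in IOC_PATTERNS}
    for s in strings:
        for name, pattern in IOC_PATTERNS.items():
            for match in pattern.findall(s):
                if name == "ipv4" and not _valid_ipv4(match):
                    continue
                if match not in iocs[name]:
                    iocs[name].append(match)
    return iocs


if __name__ == "__main__":
    for category, values in build_iocs(extract_strings(SAMPLE)).items():
        for value in values:
            print(f"{category}: {value}")
```

Strings-derived IOCs are leads, not conclusions: decoy URLs, legitimate library paths and dotted version numbers all survive these patterns, and an obfuscated script yields nothing useful until it is decoded. Confirm a candidate against what Fiddler or Wireshark actually saw during detonation before it goes into a published indicator set.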