O Outro Lado BSidesSP ed 4/Introduction to Malware Analysis
Workshop: Introduction to Malware Analysis
Time: 10:10 to 11:50
Duration: 1h30 (plus 10 minutes for questions and answers)
Location: Garoa Village (Table 1)
Capacity: Maximum of 10 people
This workshop will give attendees the opportunity to learn the basics of malware analysis. The objective is to provide a general overview of what it takes to analyze malware on the Windows platform, and share resources that will enable attendees to continue learning about malware analysis. The following topics will be briefly covered:
- Analysis environment
- Behavioral analysis
- Code analysis
- Malware forensics
Who should attend: Anyone interested in malware analysis and reverse engineering. While the workshop does not require previous experience in this field, attendees are expected to know the basic concepts related to Windows internals, programming and networking. Basic understanding of Assembly, C/C++ and Windows APIs is beneficial, but not required.
Recommended Hardware: Laptop with a virtual machine running Windows XP or above. If a laptop is not available, the attendee may watch the demo and/or share a laptop with another person. Due to time restrictions, we will not be able to troubleshoot laptops or VMs that are not working properly.
Recommended tools to be installed on the VM:
- CFF Explorer
- Process Monitor
- Process Explorer: part of SysInternals
- Process Hacker
- Network Monitor
- IDA Freeware or IDA 6.3 Demo
- Wireshark (please install it on the host operating system)
Leo Fernandes is a security engineer at Verisign (iDEFENSE), primarily analyzing and reverse-engineering malware. His information technology career includes experience in computer virus research, networking, and systems administration. His security interests also include banking Trojans and DDoS malware, automated debugging techniques and computer forensics. He has previously held positions at Computer Associates and HCL America. He holds a BS from Strayer University in Information Systems and Microsoft certifications MCSE, MCSA and MCP.