Course Plan - Practical Malware Analysis

Uploaded by bashok.aero

Practical Malware Analysis & Triage Course Curriculum - 10+ Hours

Course Introduction

Hey, thanks! (0:14)

Whoami & Course Overview (5:55)

Course Discord Information

Safety Always! Building Your Malware Analysis Lab & Malware Safety

Downloading VirtualBox (2:29)

Downloading Windows 10 (2:05)

Setting Up the Windows 10 VM (8:12)

Downloading REMnux (1:10)

Installing REMnux (2:05)

Installing FLARE-VM (16:45)

Analysis Network Setup (7:26)

INetSim Setup (13:16)

Host-only Safety & Internal Networks

Lab VM Repo Link

Rapid-deployable Cloud Malware Analysis Lab Setup

Course Lab Repo Link

Course Lab Repo Download & Lab Orientation (4:00)

Taking a Snapshot Before First Detonation (1:29)

Detonating Our First Sample (5:57)

Tool Troubleshooting (5:05)

Course Tool List & Resources

Basic Malware Handling (8:52)

Safe Malware Sourcing & Additional Resources (6:50) – theZoo,
Basic Static Analysis

Hashing Malware Samples (3:45)

Malware Repositories: VirusTotal (2:49)

Strings & FLOSS: Static String Analysis (8:03)

Analyzing the Import Address Table (7:36)

Introduction to the Windows API (6:00)

MalAPI.io (4:08)

To Pack Or Not To Pack: Packed Malware Analysis (9:42)

Combining Analysis Methods: PEStudio (6:45)

Identifying Malware Capabilities & Intro to MITRE ATT&CK

Note Review (1:59)

Basic Dynamic Analysis

Basic Dynamic Analysis Intro: Host and Network Indicators (3:39)

Initial Detonation & Triage: Hunting for Network Signatures (8:44)

Host-Based Indicators: Procmon Part I (7:44)

Host-Based Indicators: Procmon Part II (6:06)

Dynamic Analysis of Unknown Binaries Part I: Analyzing Wireshark (13:02)

Dynamic Analysis of Unknown Binaries Part II: Host-Based Indicators (21:19)

Analyzing a Reverse Shell Part I: Correlating IOCs (18:12)

Analyzing a Reverse Shell Part II: Parent-Child Process Analysis (6:43)

Challenge 1: SillyPutty

Challenge 1: SillyPutty Intro (1:43)

Challenge 1: SillyPutty Walkthrough (18:21)

Advanced Static Analysis: Assembly Language, Decompiling, & Disassembling Malware

Intro to Advanced Analysis & Assembly Language (10:01)

Disassembling & Decompiling a Malware Dropper: Intro to Cutter (8:46)

x86 CPU Instructions, Memory Registers, & the Stack: A Closer Look (13:06)

Revisiting the Dropper: Assembly Instructions and the Windows API (8:17)

Hello, World! Under a Microscope Part I (18:31)

Advanced Analysis of a Process Injector (16:56)

Advanced Dynamic Analysis: Debugging Malware

Getting Comfortable in x32dbg: Flow Control & Breakpoints (12:59)

Debugging the Dropper: Dynamic Analysis of x86 Instructions & API Calls (17:49)

Hello, World! Under a Microscope Part II (14:27)

Challenge 2: SikoMode

Challenge 2: SikoMode Intro (1:37)

Challenge 2: SikoMode Walkthrough (20:18)

Bonus Lecture: Live Analysis of Challenge 2 SikoMode Twitch Stream with Taggart

Binary Patching & Anti-analysis

Patch it out: Patching x86 Binaries

Identifying & Defeating Anti-analysis Techniques

Specialty Malware Classes

Gone Phishing: Maldoc Analysis

Analyzing Excel Maldocs: OLEdump (10:55)

Analyzing Word Maldocs: Remote Template Macro Injection (7:35)

What The Shell? Shellcode Analysis

Analyzing Shellcode: Carving Shellcode & scdbg (14:29)

Carving Shellcode from Memory (13:00)
Off-Script: Scripted Malware Delivery Mechanisms

PowerShell: Analyzing Obfuscated Scripts (12:25)

VBScript: Analyzing a Multi-Stage MSBuild Dropper (13:58)

HTML Applications (HTA): Wrapped Payloads, Scripted Delivery, & WMI

Stay Sharp: Reversing C# Malware

Intro to Reversing C# & the .NET Framework (8:24)

Reversing an Encrypted C2 Dropper DLL with dnSpy (13:37)

Go Time: Analyzing Go Malware

Programming Language Recognition & Analyzing a Go Service Backdoor (9:33)

Get Mobile! Mobile Malware Analysis

Lab Update: Installing MobSF (4:54)

Intro to MobSF (7:58)

The Bossfight! Analyzing Real-World Malware Samples

WannaCry.exe Introduction (1:29)

WannaCry.exe Walkthrough (28:33)

Automation: Sandboxes & Pipelines

BlueJupyter: Automating Triage with Jupyter Notebooks (17:04)

Any.Run: Malware Sandboxing (5:17)

Advanced Script Analysis with ChatGPT (15:45)

Tell The World: Rule Writing & Report Publishing

Writing YARA Rules (16:59)

Detecting Malware with YARA (7:33)

Writing & Publishing a Malware Analysis Report (10:06)