Participants ‘learn by doing’ using the hands-on virtual lab to practice on malware samples used in the wild by powerful APT actors.
Strengthen your skills with advanced static analysis techniques and get to know decryption frameworks that automate your routine tasks and make your reversing skills unique!
Igor Kuznetsov is a Chief Security Researcher at Kaspersky. He participated in Kaspersky research on the most notorious APT campaigns and he’s packed the course full of his expertise and exclusive techniques.
Advanced
$2700 inc. tax per learner
Prerequisites
Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level-up their work on cybersecurity incidents and become unique experts.
The main focus of the course is advanced static analysis, because for cybersecurity incidents involving previously unseen malicious code this is the most reliable way to determine the functionality of the code and find actionable artefacts. It allows organizations affected by APTs to carry out adequate damage assessment and incident response.
The course also heavily features our exclusive know-how on automating the decryption, decoding and other processing of samples, which not only optimizes routine tasks but also preserves your work as code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient during decades of Kaspersky APT research.
Igor Kuznetsov, the course author, has participated in Kaspersky research on the most notorious APT campaigns. He has cherry-picked exercises from his own work to cover generic approaches to analysis in IDA Pro, using all its important features, and to demonstrate unique cornerstone cases that require special treatment, which will supercharge your skills for the future.
Welcome to the elite club of malware researchers!
Director, Global Research & Analysis Team (GReAT)
Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.
Igor specializes in investigating malware campaigns and reverse engineering advanced malware. His areas of expertise include cyber-espionage and highly-targeted attacks, advanced threat actors and APTs; cyber-warfare, cyber-weapons such as Stuxnet, Duqu, Flame, Gauss; ATM security. Igor regularly provides training sessions on advanced malware analysis.
Introduction to the IDA workflow and shellcode analysis. Main features of IDA required to reverse engineer: code, functions, structures, structure offsets. Reconstructing Metasploit's API hashing algorithm.
Practicing shellcode analysis: extracting the C&C from the Metasploit shell, code and data flow analysis, manual reconstruction of a structure, stack layout.
Unpacking a real-life sample found at a bank and analyzing the shellcode. Proceeding through all the layers of an msfvenom-wrapped Metasploit shellcode to extract the network IOC.
Introduction to static decryption, decrypting files using a static analysis framework. Practice on the Bangladesh Central Bank heist case (Lazarus).
Introduction to decryption of malicious Windows PE files (a Regin driver). Dealing with malicious samples containing blocks of encrypted data, and with RVA/RAW offsets.
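The RVA/RAW offset problem from the PE decryption module above, as an added worked example that is not course material or Kaspersky's framework: a decryptor in the driver references its encrypted block by virtual address, so to decrypt it statically you walk the section table, map the RVA to a file offset, and handle the case where the RVA lies in a section's virtual-only tail (VirtualSize larger than SizeOfRawData) and is simply not present on disk. The PE image, the section layout, the XOR key and the encrypted block are all constructed here so the script runs offline; in a real case the key and the block address come from the decryption routine you reconstruct in IDA.

```python
"""Map RVAs to file offsets and decrypt an embedded block in a PE, statically.

Added example, not course material. The PE image, its sections, the key and
the encrypted block are constructed below so the script runs offline.
"""
import struct
from collections import namedtuple

Section = namedtuple("Section", "name va vsize raw_ptr raw_size")

IMAGE_BASE = 0x00400000                 # constructed; read OptionalHeader.ImageBase in a real sample
KEY = bytes([0x5A, 0xC3, 0x11])         # constructed; recovered from the decryptor in a real sample


def parse_sections(pe):
    """DOS header -> PE signature -> COFF header -> IMAGE_SECTION_HEADER table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]    # SizeOfOptionalHeader
    off = e_lfanew + 24 + opt_size                               # first section header
    secs = []
    for _ in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        secs.append(Section(name.rstrip(b"\0").decode(), va, vsize, raw_ptr, raw_size))
        off += 40                                                # sizeof(IMAGE_SECTION_HEADER)
    return secs


def rva_to_raw(secs, rva):
    """File offset for an RVA, or None when the RVA exists only in memory
    (the zero-filled tail of a section whose VirtualSize exceeds SizeOfRawData)."""
    if rva < min(s.va for s in secs):
        return rva                                               # headers are mapped 1:1
    for s in secs:
        if s.va <= rva < s.va + max(s.vsize, s.raw_size):
            delta = rva - s.va
            return s.raw_ptr + delta if delta < s.raw_size else None
    return None


def raw_to_rva(secs, raw):
    """Inverse mapping, for when the decryptor loop works with file offsets."""
    for s in secs:
        if s.raw_ptr <= raw < s.raw_ptr + s.raw_size:
            return s.va + (raw - s.raw_ptr)
    return raw if raw < min(s.raw_ptr for s in secs) else None


def xor_decrypt(blob, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


def decrypt_block_at_va(pe, va, length, key):
    """What the driver does at runtime, done on the file: VA -> RVA -> raw -> plaintext."""
    raw = rva_to_raw(parse_sections(pe), va - IMAGE_BASE)
    if raw is None:
        raise ValueError(f"VA 0x{va:08X} is not backed by file data")
    return xor_decrypt(pe[raw:raw + length], key)


SECRET = b"http://c2.example.invalid/gate.php\0"      # constructed plaintext config string


def build_sample_pe():
    """Constructed minimal PE32: .text at RVA 0x1000 (raw 0x400, 0x600 bytes) and
    .data at RVA 0x2000 (raw 0xA00, 0x200 bytes on disk but 0x2000 in memory)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)

    def hdr(name, vsize, va, raw_size, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, 0xC0000040)

    image = bytearray(0xC00)
    hdrs = (dos + b"PE\0\0" + coff + opt
            + hdr(b".text", 0x1000, 0x1000, 0x600, 0x400)
            + hdr(b".data", 0x2000, 0x2000, 0x200, 0xA00))
    image[:len(hdrs)] = hdrs
    image[0xA10:0xA10 + len(SECRET)] = xor_decrypt(SECRET, KEY)   # encrypted block at RVA 0x2010
    return bytes(image)


if __name__ == "__main__":
    pe = build_sample_pe()
    secs = parse_sections(pe)
    for s in secs:
        print(f"{s.name:8} RVA 0x{s.va:06X} vsize 0x{s.vsize:06X}  raw 0x{s.raw_ptr:06X} size 0x{s.raw_size:06X}")
    print("RVA 0x2010 ->", hex(rva_to_raw(secs, 0x2010)))
    print("RVA 0x2300 ->", rva_to_raw(secs, 0x2300), "(virtual-only tail of .data)")
    print(decrypt_block_at_va(pe, 0x00402010, len(SECRET), KEY))
```

The same mapping is what the static analysis framework has to get right before any decryptor can be replayed on the file: an RVA that maps to None is not a parsing bug but data the loader materializes at runtime, so it has to be reconstructed from the code that fills it rather than copied from disk.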
Static analysis of a Sofacy OSX sample. Dealing with separate strings decrypted with a dedicated function. Reconstructing the decryption routine.
Full-scale reverse engineering of a single PE file (a driver from Equation). Using knowledge from tracks 1-6 to preprocess all encrypted data and then walk through all the code, reconstructing the business logic of the driver in IDA.
DIY disassembly and API hashing. Creating your own tiny disassembler to extract the API hashes from hand-written assembly code and then reconstructing an API hashing algorithm to revert all the hashes to API names. Using IDC files to transfer results to IDA.
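The API-hash reconstruction covered in the first module and in the DIY-disassembly module above, as an added worked example that is not part of the course material or Kaspersky's framework: it reimplements Metasploit's block_api ROR-13 hash (upper-cased module name as UTF-16LE plus ASCII function name, both with their terminators, summed mod 2^32), runs a tiny linear-sweep disassembler over a shellcode fragment to pull out the push imm32 operands, reverts each hash to an API name by dictionary lookup over an export list, and emits IDC set_cmt() lines to carry the results into IDA. The shellcode bytes, the export list and the load address are constructed for the example; the hash constants for LoadLibraryA and ExitProcess are the ones Metasploit's own stubs use.

```python
"""Reconstruct Metasploit's block_api hash and resolve hashes pulled from shellcode.

Added example, not course material. The shellcode bytes, the export list and
the load address are constructed here; the hash algorithm is the ROR-13
scheme from Metasploit's block_api.asm.
"""
import struct

MASK = 0xFFFFFFFF


def ror13(value):
    """Rotate a 32-bit value right by 13 bits (the 'ror ..., 13' in block_api)."""
    return ((value >> 13) | (value << 19)) & MASK


def api_hash(module, function):
    """Metasploit block_api hash of module!function.

    The module name is hashed as the loader stores it in the LDR entry:
    upper-cased UTF-16LE, walked for MaximumLength bytes, so the two-byte
    terminator is included. The function name comes from the export table:
    ASCII including its NUL. The two running hashes are added mod 2^32.
    """
    h = 0
    for b in (module.upper() + "\x00").encode("utf-16le"):
        h = (ror13(h) + b) & MASK
    module_hash = h
    h = 0
    for b in (function + "\x00").encode("ascii"):
        h = (ror13(h) + b) & MASK
    return (module_hash + h) & MASK


def build_lookup(exports):
    """hash -> 'module!function' for every export we know about. Reversal is a
    dictionary attack: a hash only resolves if its name is in the list."""
    return {api_hash(m, f): f"{m}!{f}" for m, funcs in exports.items() for f in funcs}


# Instruction lengths for the handful of opcodes the constructed stub uses, so the
# linear sweep stays in sync. 0x31 is 2 bytes only for register-direct ModRM;
# unknown opcodes advance one byte, which is where a linear sweep can desync and
# why resolved hashes should be checked against IDA's disassembly.
LENGTHS = {0xFC: 1, 0x31: 2, 0x6A: 2, 0xE8: 5}
LENGTHS.update({op: 1 for op in range(0x50, 0x60)})       # push/pop r32
LENGTHS.update({op: 5 for op in range(0xB8, 0xC0)})       # mov r32, imm32


def find_push_imm32(code):
    """Tiny disassembler: (offset, imm32) for each 'push imm32' (opcode 0x68)."""
    found, i = [], 0
    while i < len(code):
        op = code[i]
        if op == 0x68 and i + 5 <= len(code):
            found.append((i, struct.unpack_from("<I", code, i + 1)[0]))
            i += 5
        elif op == 0xFF and i + 1 < len(code) and code[i + 1] == 0xD5:   # call ebp (block_api)
            i += 2
        else:
            i += LENGTHS.get(op, 1)
    return found


def resolve_hashes(code, exports):
    """[(offset, hash, name-or-None)] for every push imm32 in the code."""
    table = build_lookup(exports)
    return [(off, h, table.get(h)) for off, h in find_push_imm32(code)]


def to_idc(resolved, base):
    """IDC lines (IDA 7.x set_cmt) annotating each resolved push once the
    shellcode is loaded in IDA at `base`; run them via File > Script file."""
    return "\n".join(
        f'set_cmt(0x{base + off:X}, "{name} (hash 0x{h:08X})", 0);'
        for off, h, name in resolved if name
    )


# Constructed block_api-style fragment (not a real sample):
SAMPLE = bytes.fromhex(
    "fc"            # cld
    "31c9"          # xor ecx, ecx
    "6800000000"    # push 0 (long form) ; not a hash, stays unresolved
    "684c772607"    # push 0x0726774C   ; hash("kernel32.dll", "LoadLibraryA")
    "ffd5"          # call ebp
    "6a00"          # push 0
    "68f0b5a256"    # push 0x56A2B5F0   ; hash("kernel32.dll", "ExitProcess")
    "ffd5"          # call ebp
)

# Constructed subset; in practice feed the full export tables of the DLLs.
EXPORTS = {
    "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "WinExec", "ExitProcess"],
    "ws2_32.dll": ["WSAStartup", "WSASocketA", "connect"],
}

if __name__ == "__main__":
    resolved = resolve_hashes(SAMPLE, EXPORTS)
    for off, h, name in resolved:
        print(f"+0x{off:04x}  push 0x{h:08X}  -> {name or 'unresolved: extend the export list'}")
    print(to_idc(resolved, base=0x10000000))
```

Two things the lookup makes visible: an unresolved value is either a genuine argument (the push 0 above) or an export missing from your list, so the list should be generated from the real DLL export tables rather than typed in; and a hand-modified scheme (a different rotate count, a missing terminator, an extra XOR) changes every constant, which is why the course has you reconstruct the algorithm from the code instead of matching constants from memory.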
Introduction to document-based exploit payloads: analysis of a malicious RTF example (RedOctober dropper) where you need to locate the exploit code, unpack several layers till you get to the final payload. Generic approach to dealing with weaponized RTF documents and embedded shellcode.
Exploit analysis of a malicious Word document (Office Equation exploit). Generic approach to analyzing OLE2 objects.
Practice: analysis of a weaponized OLE2 file embedded in an RTF container (CloudAtlas). Extracting several layers till the final payload.
Static analysis of a ROP chain from a PDF document (Miniduke). Generic mechanics of a ROP chain, reconstructing the business logic from code snippets.
Introduction to bytecode-compiled Python samples. Practice using a decompiler to extract the source code.
Generic approach to dynamic decryption/unpacking. Extracting the payloads from Cridex samples using the debugger.
Decompiling and analyzing .NET bytecode. Dynamic extraction of the payload.
Introduction to Golang binaries: static analysis, built-in structures, strings. Extracting and decrypting string constants.
InfoSec professionals
The course is intended for established reverse engineers, incident responders and digital forensics practitioners seeking to level up their work with cybersecurity incidents.
Enterprises
After completing this training your cybersecurity or SOC team will be able to implement full dynamic and static analysis of malware efficiently, automate routine tasks and find detailed actionable items for protection of your organization & incident response.
Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills will also benefit from this course: their personnel will level up and will be able to create more effective cybersecurity products and malware analysis services for clients.
Guided video lectures
Learn from Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team.
Hands-on virtual lab
Practice in our fully configured virtual lab on real targeted malware cases like Lazarus, Sofacy, Regin, Equation, RedOctober, Miniduke and Carbanak.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
100 hours of virtual lab time for hands-on learning
Static analysis framework, scripts from exercises and training materials are available for download
Browser-based via desktop, mobile & tablet
Igor Kuznetsov, Director of the Global Research & Analysis Team (GReAT)
About 60 videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Reverse engineering
This course is your gateway to unlocking the full potential of a powerful reverse engineering tool Ghidra for advanced malware analysis.
Reverse engineering
The course features static and dynamic analysis of some outstanding and unique mobile malware including Android and iOS samples.
Reverse engineering
Get first-hand knowledge and best practices from exclusive research of 10 targeted malware cases used in the wild by powerful APT actors.