Advanced Malware Analysis Advanced - 3 days - 3500€
Objectives
In today's evolving threat landscape, malware authors employ increasingly sophisticated obfuscation techniques to evade detection. This course provides hands-on training for security professionals seeking to sharpen their malware analysis skills.
Participants will use tools like Ghidra SRE, the x96dbg debugger, and the MIASM framework to dissect complex malware targeting Windows and UNIX. Emphasis is on emerging threats such as Golang malware, multi-stage payloads, BPF backdoors, and heavily obfuscated loaders. The training covers countering anti-analysis techniques (sandbox evasion, anti-debug), recognising obfuscation and encryption patterns for automated deobfuscation via Ghidra scripting, recovering Golang symbols from obfuscated samples, and analysing BPF backdoors.
- 3 days
- Malicious code written in different languages analysed
- Study of multi-stage threats
Public and prerequisites
This training is intended for people who already have a good knowledge of malware analysis but want to strengthen their skills in reverse engineering complex pieces of malware and in extracting useful information for incident response and threat hunting. It is mainly intended for incident response teams and threat analysts.
Practical knowledge of malware analysis and knowledge of PE and ELF (x86-64) reverse engineering. Basic GNU/Linux and Windows internals knowledge.
Content
Day 1
Windows and Linux analysis disruption techniques: Checks and bypasses implemented by malware to dynamically protect their code and hide their behaviour. Strategies to reduce debugging detection and VM footprint.
Day 2
Overview of common obfuscation techniques: API call encoding and encryption, opaque predicates, control flow flattening... Tools and Ghidra scripting: recovering symbols and reconstructing the execution flow. Multi-stage malware analysis: analysis of complex malware implementing various strategies to evade detection, from the dropper to the final backdoor.
Day 3
Reverse engineering of modern threats: Golang and Rust malware analysis, understanding their respective structures and discovering dedicated obfuscation tools. Strategies to recover symbols and extract elements of interest. BPF backdoor analysis: eBPF introduction, case study of an advanced BPF backdoor.
All the practical arrangements for the training are detailed on this page.