RSA Malware Analysis
The RSA Malware Analysis program provides participants with the knowledge and skills to identify and act on actionable intelligence gathered through the process of malware analysis. Participants are introduced to the threat landscape and common malware vectors. They learn to select and apply the tools and techniques required to reverse, monitor, and detect a malware threat. Participants develop a workflow to gather intelligence and apply it to their security environment.
4 days (32 hours)
Upon completing the program, participants should be able to:
- Describe the RSA Cyber Defense recommended workflow for reverse engineering current malware threats.
- Assess the presence of malware on a system.
- Examine the behavior of malware and its interaction with its environment using dynamic analysis tools and techniques.
- Analyze command and control (C2) communication methods to establish the intention and functionality of the malware.
- Deduce the program instructions of a malware executable through the use of static analysis tools.
- Combine static and dynamic analysis methods to investigate more complex features of malware using disassembly and debugging tools.
- Collect and report actionable intelligence gained from reverse engineering malware.
- Recommend changes to a security program based upon actionable intelligence.
Who should attend
Security analysts, computer forensic investigators, and incident responders who have basic knowledge of malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence.
1. Introduction to Malware Analysis
- Define the components of malware and how they work together to compromise a system
- Identify common malware vectors
- Describe the phases of the intrusion kill chain
- Outline the tasks involved in malware analysis
- Create a safe environment for investigating malware code and behavior
2. Assessing the Existence and Persistence of Malware
- Establish Indicators of Compromise
- Identify host-based artifacts
- Identify network-based artifacts
- Locate indicators of compromise
- Determine malware’s method of persistence
- Outline the procedure for assessing the presence of malware on a system
3. Dynamic Analysis of Malware
- Outline the process of dynamic analysis
- Apply dynamic analysis techniques in order to investigate malware’s behavior in a virtual environment
- Examine malware execution using a debugger
- Identify anti-analysis techniques
- Defend against anti-analysis techniques
- Analyze commonly exploited file formats
4. Investigating Command and Control Communications
- Define command and control communication as used by malware
- List the types of activities an attacker engages in using C2
- Describe C2 techniques
- Outline the procedure to capture and analyze C2 traffic
- Describe how to set up an environment to investigate C2
- Identify the tools critical to C2 investigation
- Intercept SSL
- Address the issue of C2 not responding
5. Static Analysis of Malware
- Explain the process of static analysis
- List the outcomes of the static analysis process
- Classify sources of data viable for analysis
- Identify packing and obfuscation methods used by malware
- Describe how compressed files are able to avoid detection
- Disassemble malware executable code using IDA Pro
- Organize information and data gained from static analysis
6. Advanced Malware Techniques
- Multiple layers of obfuscation
- Debugging using OllyDbg
- Analyze memory for the presence of rootkits using Volatility
7. Making Recommendations Based upon Actionable Intelligence
- Collect actionable intelligence gained from malware analysis
- Identify trends and problems to solve
- Communicate actionable intelligence
- Formulate recommendations
- Develop Yara rules to classify malware
Study online
Study in Hồ Chí Minh
Study in Hà Nội