Windows Malware Analysis for Hedgehogs - Beginner Training (Printable Version)
Softwarez.Info - Software's World! (https://softwarez.info)
Forum: Library Zone (https://softwarez.info/Forum-Library-Zone) / Video Tutorials (https://softwarez.info/Forum-Video-Tutorials)
Thread: Windows Malware Analysis for Hedgehogs - Beginner Training (/Thread-Windows-Malware-Analysis-for-Hedgehogs-Beginner-Training)

Windows Malware Analysis for Hedgehogs - Beginner Training - Farid - 09-13-2023

Windows Malware Analysis For Hedgehogs - Beginner Training
Published 9/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 6.30 GB | Duration: 11h 16m

Learn what really matters from an actual analyst: malware reversing, clean vs malware, report writing, unpacking.

Overview

Section 1: Introduction to Malware Analysis
- Lecture 1 Introduction
- Lecture 2 Analysis process

Section 2: Malware lab setup
- Lecture 3 Malware Analysis Lab
- Lecture 4 Download links
- Lecture 5 Installing VirtualBox Windows 10 VM
- Lecture 6 Installing VirtualBox Guest Additions
- Lecture 7 Enabling hidden files view and removing Windows Defender
- Lecture 8 Sample handling: Course samples and password protected archives
- Lecture 9 Sample handling: Shared folder setup
- Lecture 10 Sample handling: Prevent execution via ACLs (Windows host only)
- Lecture 11 Network, snapshots and first sample execution
- Lecture 12 Safety rules summary

Section 3: Triage and file type basics
- Lecture 13 What is triage
- Lecture 14 Download links
- Lecture 15 Lab Triage 1: Determine file types of unknown samples
- Lecture 16 What is a file type
- Lecture 17 Lab Triage 2: Whole file examination
- Lecture 18 Antivirus detection names and formats for malware
- Lecture 19 Deciphering antivirus detection names for malware
- Lecture 20 Lab Triage 3: VirusTotal autoscans and first research
- Lecture 21 Lab Triage 4: Final analysis
- Lecture 22 Lab: Exercise solution

Section 4: Wrapped files and installers
- Lecture 23 Finding the malware developer's code
- Lecture 24 Wrapped files
- Lecture 25 Tools and links
- Lecture 26 Lab Wrapped files 1: Triage of a wrapped file
- Lecture 27 Lab Wrapped files 2: Obtaining the script with ACLs
- Lecture 28 Lab Wrapped files 3: Wrapped file payload analysis
- Lecture 29 Lab Wrapped files 4: Obtaining the script with APIMonitor
- Lecture 30 Installers
- Lecture 31 Lab Installers 1: Layer 1 Unpacking Nullsoft
- Lecture 32 Lab Installers 2: Layer 2 Extract 7zip SFX files
- Lecture 33 Lab Installers 3: Extract 7zip SFX configuration
- Lecture 34 Lab Installers 4: Triage of multiple files

Section 5: Malware Persistence and Disinfection Basics
- Lecture 35 Auto Start Extensibility Points (ASEPs)
- Lecture 36 The Windows Registry
- Lecture 37 Links
- Lecture 38 Lab: Services
- Lecture 39 Lab Disinfection 1: Autoruns - Run, IFEO
- Lecture 40 Lab Disinfection 2: RunOnce, Active Setup, Scheduled Tasks, LNKs

Section 6: Portable Executable format and .NET
- Lecture 41 Introduction to Portable Executable files
- Lecture 42 Portable Executable format basics
- Lecture 43 PortexAnalyzer and DnSpy download
- Lecture 44 Lab PE 1: MS DOS stub, COFF file header, timestamps and REPRO builds
- Lecture 45 Lab PE 2: Optional header and section table
- Lecture 46 Lab PE 3: Resources, icons, debug path, imports
- Lecture 47 Lab PE 4: Anomalies and visualization
- Lecture 48 Compilation and Interpretation
- Lecture 49 Lab .NET 1: .NET basics and triage
- Lecture 50 Lab .NET 2: Running the file, DnSpy basics
- Lecture 51 Lab .NET 3: Code search in DnSpy

Section 7: File analysis verdicts
- Lecture 52 Analysis types
- Lecture 53 File analysis verdicts
- Lecture 54 Clean vs malicious - approaches for clean file analysis
- Lecture 55 Tools for binary diffing and finding hidden certificate data
- Lecture 56 Installing the bindiff and certificate tools
- Lecture 57 Lab diffing 1: Binary diffing with vbindiff and meld
- Lecture 58 Lab diffing 2: Identify certificate manipulation
- Lecture 59 How signature verification works
- Lecture 60 Lab diffing 3: Force strict signature verification
- Lecture 61 Mapping detection names to file verdicts

Section 8: Malware classification and analysis reports
- Lecture 62 Writing analysis reports
- Lecture 63 Malware Classification
- Lecture 64 Malware types by propagation
- Lecture 65 Malware types by payload behavior
- Lecture 66 Malware family identification
- Lecture 67 Tools and links
- Lecture 68 Lab report writing 1: Main analysis of a downloader
- Lecture 69 Lab report writing 2: ICC profile extraction with exiftool
- Lecture 70 Lab report writing 3: Malware decryption with CyberChef

Section 9: Ghidra basics
- Lecture 71 Ghidra introduction
- Lecture 72 Download link for Ghidra
- Lecture 73 Lab preparation: Installing Ghidra
- Lecture 74 Lab Ghidra 1: New project, file import and autoanalysis
- Lecture 75 Lab Ghidra 2: Windows in the codebrowser part 1
- Lecture 76 Lab Ghidra 3: Windows in the codebrowser part 2
- Lecture 77 Lab finding main 1: MinGW and VisualStudio C++ applications
- Lecture 78 Lab finding main 2: A more difficult application

Section 10: Debugging basics with x64dbg
- Lecture 79 x64dbg introduction
- Lecture 80 Download links and bookmarks
- Lecture 81 Lab x64dbg 1: CPU view windows
- Lecture 82 Lab x64dbg 2: Navigation
- Lecture 83 Lab x64dbg 3: Software breakpoints
- Lecture 84 Lab x64dbg 4: Hardware breakpoints
- Lecture 85 Lab x64dbg 5: Memory breakpoints
- Lecture 86 Lab ASLR 1: Rebasing and DllCharacteristics in the Optional Header
- Lecture 87 Lab ASLR 2: Hex to Bin Conversion, Bitmasks and Disabling Exploit Protection

Section 11: Ransomware analysis with Ghidra and x64dbg
- Lecture 88 Legion ransomware intro
- Lecture 89 Lab Legion ransomware 1: Triage
- Lecture 90 Lab Legion ransomware 2: Finding main
- Lecture 91 Lab Legion ransomware 3: Date check markup
- Lecture 92 Lab Legion ransomware 4: Finding the encryption function
- Lecture 93 Lab Legion ransomware 5: Understanding the encryption
- Lecture 94 Lab Legion ransomware 6: Patching with x32dbg
- Lecture 95 Lab Legion ransomware 7: Ransomware monitoring and file decryption test

Section 12: Packers and unpacking methods
- Lecture 96 How packers work
- Lecture 97 Unpacking methods
- Lecture 98 Unpacking stub types and how they work
- Lecture 99 Download links and documentation
- Lecture 100 Installing Python 3 and Speakeasy
- Lecture 101 Lab Winupack 1: packing, fix disassembly in x32dbg
- Lecture 102 Lab Winupack 2: Find OEP via tracing, dump and fix imports
- Lecture 103 Lab Winupack 3: Find OEP via hardware breakpoint on stack
- Lecture 104 One generic unpacking approach
- Lecture 105 Lab Poison 1: Speakeasy API logging
- Lecture 106 Lab Poison 2: Unpacking via RtlDecompressBuffer
- Lecture 107 Lab Injector DLL: Unpacking via VirtualAlloc

Ideal for: people with some IT experience or IT enthusiasts who are beginners in malware analysis and reverse engineering, entry-level or aspiring malware analysts, computer science graduates, software developers, SOC analysts, hobby programmers.

Windows Malware Analysis for Hedgehogs - Beginner Training (6.31 GB)