Session 7: Malware Memory Forensics
This session covered the tools and techniques to perform malware memory forensics.
Demo Video 1 – Malware Memory Forensics
Demo Video 2 – Malware Memory Forensics
This presentation covered the process of automating the analysis of malware using a custom-written sandbox.
Demo Video 1 – Sandbox Analysis of Spybot
Demo Video 2 – Sandbox Analysis of Zbot
Demo Video 3 – Sandbox Analysis of Prolaco
This presentation covered the concept of automating reverse engineering using custom scripts and plugins.
It is common to encounter malware that employs anti-analysis techniques; understanding these techniques helps in analyzing such samples.
This session will introduce some more advanced methods of analysis and detection.
This session discusses some stealth techniques used by malware and also demonstrates some rapid reversing techniques that accelerate reversing tasks.
Video Demo
This session will introduce you to some tools and tricks to identify and remove malware from an infected system. [Note: View the videos in 720 HD quality]
Demo Video 1
Demo Video 2
Demo Video 3
Demo Video 4
Shell Detect is a tool to detect the presence of shellcode within a file or network stream. You can provide either a raw binary file (such as one generated by Metasploit) or a network stream file as input to this tool. These days attackers distribute malicious files which contain hidden exploit shellcode. On opening such files, the exploit shell […]
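One way to flag raw shellcode in a file or captured stream is to look for the "GetPC" idioms that position-independent code uses to learn its own address. The scanner below is an added example written for this page; it is not Shell Detect's own logic, and the byte encodings it matches are assumed from the x86 instruction set rather than taken from the page. The sample buffers are constructed inline.

```python
"""Heuristic shellcode detection by GetPC idioms (added example, not Shell Detect's code).

Position-independent shellcode must first learn its own address ("GetPC").
Three classic x86 idioms, whose byte encodings are assumed here:
  call $+5 ; pop reg                       E8 00 00 00 00  58..5F
  jmp short ; ... ; call back ; pop reg    EB xx ... E8 <negative rel32>, call lands on a pop
  fldz ; fnstenv [esp-0xC] ; pop reg       D9 EE D9 74 24 F4  58..5F
"""
import re
import struct

# call $+5 followed by pop reg: the pushed return address is the pop's own location
CALL_POP = re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")
# fnstenv [esp-0xC] stores the last FPU instruction pointer at [esp]; pop reg retrieves it
FSTENV_POP = re.compile(rb"\xd9\x74\x24\xf4[\x58-\x5f]")


def _find_jmp_call_pop(buf: bytes):
    """jmp short forward -> call backwards -> pop reg (the call pushes the pop's address)."""
    hits = []
    for i in range(len(buf) - 2):
        if buf[i] != 0xEB:
            continue
        disp = buf[i + 1]
        if disp == 0 or disp > 0x7F:            # only forward short jumps
            continue
        call_at = i + 2 + disp
        if call_at + 5 > len(buf) or buf[call_at] != 0xE8:
            continue
        rel = struct.unpack_from("<i", buf, call_at + 1)[0]
        target = call_at + 5 + rel
        # the call must land exactly on the instruction after the jmp, and that must be a pop
        if target == i + 2 and 0x58 <= buf[target] <= 0x5F:
            hits.append(("jmp_call_pop", i))
    return hits


def scan(buf: bytes):
    """Return [(idiom, offset), ...] sorted by offset for every GetPC idiom found."""
    hits = [("call_pop", m.start()) for m in CALL_POP.finditer(buf)]
    hits += [("fstenv_pop", m.start()) for m in FSTENV_POP.finditer(buf)]
    hits += _find_jmp_call_pop(buf)
    return sorted(hits, key=lambda h: h[1])


def is_suspicious(buf: bytes) -> bool:
    return bool(scan(buf))


# Constructed inputs: NOP-padded stubs of each idiom, plus a benign HTTP request.
SAMPLE_CALL_POP = b"\x90" * 4 + b"\xe8\x00\x00\x00\x00\x5b" + b"\x83\xc3\x05"
SAMPLE_FSTENV = b"\xd9\xee\xd9\x74\x24\xf4\x5b"
SAMPLE_JMP_CALL_POP = (b"\xeb\x05"                    # jmp short +5
                       + b"\x5e\x90\x90\x90\x90"      # pop esi ; nops (the call lands on the pop)
                       + b"\xe8\xf6\xff\xff\xff")     # call -10 (back to the pop)
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("call_pop", SAMPLE_CALL_POP), ("fstenv", SAMPLE_FSTENV),
                       ("jmp_call_pop", SAMPLE_JMP_CALL_POP), ("benign", SAMPLE_BENIGN)]:
        print(f"{name:13s} {scan(data)}")
```

Pattern matching of this kind is cheap and works on a network stream as well as a file, but it is only a heuristic: `E8 00 00 00 00` also occurs in legitimate compiled code, and encoded or polymorphic shellcode avoids these idioms, which is why emulation-based detection is the usual complement.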
This session covered the concept of rootkits and demonstrated some of the techniques used by them.
Demo Video 1: Mader – SSDT Hooking
Demo Video 2: Prolaco – Process Hiding using DKOM
Demo Video 3: Darkmegi/waltrodock – Installs Device Driver
Demo Video 4: Carberp – Syscall Patch and Inline Hooks
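The DKOM process hiding demonstrated above, and the cross-view detection that the memory forensics session relies on, fit in one short simulation. The code below is an added example written for this page, not the session's own code or any Volatility plugin: it models the kernel's active-process list as a toy in-memory structure (constructed addresses, a "Proc" pool tag standing in for the real _EPROCESS allocation), unlinks one entry the way a rootkit does, and then shows why a list walk misses it while a pool-tag scan still finds it.

```python
"""DKOM process hiding and cross-view detection (added example, not the session's code).

Windows links every _EPROCESS into a circular doubly linked list headed by
PsActiveProcessHead via the ActiveProcessLinks LIST_ENTRY. Anything that walks
that list (Task Manager, tasklist, Volatility pslist) misses an entry a rootkit
has unlinked, while the process keeps running because the scheduler works on
threads. Memory forensics counters this with a second, list-independent view,
e.g. carving _EPROCESS pool allocations by their tag (Volatility psscan), and
diffing the two views. The memory layout below is a constructed toy.
"""


class ListHead:
    """Sentinel LIST_ENTRY, the PsActiveProcessHead analogue."""
    def __init__(self):
        self.flink = self.blink = None


class EProcess:
    """Only the fields the example needs; flink/blink hold addresses, as LIST_ENTRY does."""
    def __init__(self, pid, name):
        self.pid, self.name = pid, name
        self.flink = self.blink = None


class Memory:
    """Toy physical memory: address -> (pool tag, object). Addresses are made up."""
    PROC_TAG = b"Proc"   # Windows tags _EPROCESS pool blocks with 'Proc'

    def __init__(self):
        self.blocks = {}
        self._next = 0x8600_0000

    def alloc(self, tag, obj):
        addr, self._next = self._next, self._next + 0x400
        self.blocks[addr] = (tag, obj)
        return addr

    def obj(self, addr):
        return self.blocks[addr][1]


def build_process_list(mem, processes):
    """Allocate each (pid, name) and link them into a circular list; return the head address."""
    head = mem.alloc(b"Head", ListHead())
    chain = [head] + [mem.alloc(Memory.PROC_TAG, EProcess(pid, n)) for pid, n in processes]
    for i, addr in enumerate(chain):
        mem.obj(addr).flink = chain[(i + 1) % len(chain)]
        mem.obj(addr).blink = chain[(i - 1) % len(chain)]
    return head


def walk(mem, head):
    """Follow flink from the sentinel until it comes back round (what pslist does)."""
    addr = mem.obj(head).flink
    while addr != head:
        yield addr
        addr = mem.obj(addr).flink


def dkom_hide(mem, head, pid):
    """The rootkit's move: splice the target out of ActiveProcessLinks, leave the object alive."""
    for addr in walk(mem, head):
        p = mem.obj(addr)
        if p.pid == pid:
            mem.obj(p.blink).flink = p.flink
            mem.obj(p.flink).blink = p.blink
            p.flink = p.blink = addr   # point at itself so later list operations do not crash
            return True
    return False


def pslist(mem, head):
    """List-walk view."""
    return sorted(mem.obj(a).pid for a in walk(mem, head))


def psscan(mem):
    """Carving view: ignore the list, take every block tagged as a process object."""
    return sorted(obj.pid for tag, obj in mem.blocks.values() if tag == Memory.PROC_TAG)


def find_hidden(mem, head):
    """Processes visible to the scanner but absent from the list walk."""
    return sorted(set(psscan(mem)) - set(pslist(mem, head)))


# Constructed process table; 1860 stands in for the malware's process
SAMPLE_PROCESSES = [(4, "System"), (368, "smss.exe"), (440, "csrss.exe"),
                    (1234, "explorer.exe"), (1860, "malware.exe")]


def demo():
    mem = Memory()
    head = build_process_list(mem, SAMPLE_PROCESSES)
    dkom_hide(mem, head, 1860)
    return pslist(mem, head), psscan(mem), find_hidden(mem, head)


if __name__ == "__main__":
    shown, carved, hidden = demo()
    print("pslist:", shown)
    print("psscan:", carved)
    print("hidden:", hidden)
```

The discrepancy between the two views is the detection signal. In a real image the scanner view can itself be evaded (a rootkit may overwrite the pool tag or the object header), so a forensic tool cross-references several independent sources (thread lists, handle tables, session lists) rather than trusting any single one.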
This session discussed some of the protections added by the operating system and processors to mitigate exploitation, and also presented some ways to bypass those protections.
Demo Video 1: Heap Spray
Demo Video 2: Bypassing DEP