Session 2: Botnet Analysis – Part 1
This session will discuss some stealth techniques used by malware and also demonstrate some rapid reversing techniques to accelerate reversing tasks. Video Demo
This session will introduce you to some tools and tricks to identify and remove malware from an infected system. [Note: View the video in 720HD quality] Demo Video 1 Demo Video 2 Demo Video 3 Demo Video 4
This session covered the concept of rootkits and demonstrated some of the techniques used by rootkits. Demo Video 1: Mader – SSDT Hooking Demo Video 2: Prolaco – Process Hiding using DKOM Demo Video 3: Darkmegi/waltrodock – Installs Device Driver Demo Video 4: Carberp – Syscall Patch and Inline Hooks
This session discussed some of the protections added by operating systems and processors to mitigate exploitation, and also presented some ways to bypass those protections. Demo Video 1: Heap Spray Demo Video 2: Bypassing DEP
This session covered the basic techniques of exploitation. Some of these techniques may not work on the latest operating systems due to the various protections added to them, but they are crucial for understanding the basic nature of exploits. Demo Video 1: EIP Overwrite Demo Video 2: SEH Overwrite
This session covered the concept of basic and advanced malware analysis. Video Demo Demo Video 1: Basic Malware Analysis Demo Video 2: Advanced Malware Analysis
Memory forensics is an investigation technique which involves examining the computer’s memory for forensic artifacts. This presentation covers the concept of memory forensics and shows how to perform memory forensics using an investigation scenario. Video Demo
In reverse engineering, understanding cryptographic functions and packers are the two most challenging and sophisticated tasks. In real life virtually all malware uses some form of packing, so understanding packing/unpacking is one of the most important tasks in malware analysis. Check the reference section for additional material. We highly recommend the Lena151 material (see reference) for […]
This session covers the concept of basic reverse engineering. Malware most of the time uses packers and cryptors to thwart analysis efforts, so it becomes important to understand the concept of unpacking. This presentation covers the concept of packers and includes a demo showing the unpacking of a packer called UPX. Video Demo
Reverse engineering tools are essential in understanding the functionality and the inner workings of a binary. The presentation covers some of the commonly used reverse engineering tools.