Here is the complete reference guide to all sessions of our Advanced Malware Analysis Training program.
Session 1 - Detection & Removal of Malware
- GMER – Anti-rootkit Tool http://www.gmer.net/
- SpyDLLRemover – Tool to Remove Malicious DLLs from Process http://bit.ly/csujQX
- SpyBHORemover – Tool to Remove Malicious BHOs from Process http://bit.ly/1zGRN
- VirusTotal Scanner – Desktop Tool for Quick Anti-virus Scan http://bit.ly/Lir4Qz
- TCPView – View Active TCP/UDP Endpoints per Process http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
- AutoRuns – Manage Startup Entries http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
- Demo Video 1 – http://youtu.be/cV4Uln6BGUQ
- Demo Video 2 – http://youtu.be/2NORHci6tbw
- Demo Video 3 – http://youtu.be/sMtcaXNstw0
- Demo Video 4 – http://youtu.be/S-awFK4pNpM
Session 2 - Botnet Analysis Part I
- About Botnet – History, Attacks & Countermeasures
- Windows Asynchronous Procedure Calls
- About Waledac Botnet – http://en.wikipedia.org/wiki/Waledac_botnet
- Demo Video – Waledac Botnet Analysis – https://vimeo.com/57755964
Session 3 - Botnet Analysis Part II
- Dynamic Taint Analysis and Forward Symbolic Execution
- Taint Checking – Introduction
- Dytan: A Generic Dynamic Taint Analysis Framework
- Valgrind – Framework for building dynamic analysis tools
- Taint Analysis for Automatic Malware Detection
- TTAnalyze: A Tool for Analyzing Malware
- JACKSTRAWS: Picking C&C Connections from Bot Traffic
- Backtracking Intrusions
Session 4 - Anti-Analysis Techniques
Session 5 - Reversing Automation
- IDAPython in a Nutshell
- API Call Tracing – PEfile, PyDbg and IDAPython
- pefile – Python module for PE (Portable Executable) Files
- Book: Grey Hat Python
- Malpimp – Advanced API Tracing Tool