Skip to main content

OUR TRAINING

PROFICIENT LEVEL

CTI/MALWARE ANALYSIS

  • DURATION 3 Days
  • PRACTICE 95%
  • TRAINEES 5 to 10
  • LANGUAGE FR/EN
  • CERTIFIED DIATEAM

The first essential step in the training of a Cyber Threat Intelligence Analyst, the goal of this 3-day training course is to have a general knowledge of malware and to understand its operating principles: families, types, mechanisms, analysis and information to extract.

Who Should Attend ?

SOC Operator, Junior Analyst, Any IT specialist wishing to have a first expertise in CTI and malware analysis

SYLLABUS

1

  • Review of the different families of existing malware (stealer, trojan, webshell, …)
  • The different phases of a computer attack via the killchain (type APT, ransomware)
  • Analysis of a malicious pdf file depositing an excel file exploiting the CVE-2017-11882 vulnerability (points discussed: PDF and opendocument file format, features in a PDF, object com/CLSID)
  • Analysis of a malicious office document (points covered: vba macro, code obfuscation, use of olevba/vipermonkey, development of a script to automate deobfuscation)
2

  • Basics of Windows operation (Memory paging, kernel land / user land, Processes/Threads/Mutex/Handles, the difference between userland/kernel land)
  • PE format: headers, data directories (import table, export table, certificates, debug symbol;..) sections, section rights, address calculation, visualization in binary ninja
  • Analysis of a RAT only in RAM (points discussed: use of volatility, mutex, decryption of a RAT configuration)
  • Analysis of a RAT in .NET (points covered: .NET format, decompilation, configuration decryption, possible extraction of IOCs)
3

  • Techniques used by malware: RunPE, DLL injection, heap/stack packers, shellcode, network communications,…
  • Static analysis of a dll with its network traffic (points discussed: match a TTP specific to the backdoor family, network API, yara rules, hunting)
  • Dynamic analysis of GandCrab (points covered: debugger, depacker, shellcode, encryption algo, disk and IO traversal functions, network API, antidebug tricks)

KEY TARGETS

Get an up-to-date and concrete overview of Malware Industry

Be guided through your first real malware analysis

CERTIFIED TRAINING

DIATEAM provides Certificate Of Completion for every completed course. This certificate may be verified by contacting training@diateam.net using the enrolment ID from the given certificate.

Proficient Certificate
CONTACT US
DIATEAM ⋅ Made in France / fabriqué en France