Students will spend a significant amount of time creating their own custom tools in a lab environment. The labs are designed around the students working through the following:
- Recognizing file format infections from various sources
- Advanced triage capabilities
- Extracting host and network indicators from file format exploits
- Developing your own custom process trace capabilities for IOC extraction
- Rapid shellcode analysis using less common tools and techniques
- Rapid binary de-obfuscation techniques with IDA Pro and debuggers
- Rapid unpacking techniques
The labs will be interwoven into the lecture so that students will receive a significant amount of time exercising these new skills as they learn. By the end of the class, students will have spent 50% of the time in a lab environment. A significant portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult adversary.
This course is taught by Mossé Security’s experienced instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services for a multitude of industries, in engagements that have involved complex and multi-faceted approaches. Each of our instructors has the right balance of corporate experience and is skilled in presenting and teaching to groups.
Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.
No prior reverse engineering experience is necessary.
The following will help:
- An understanding of scripting languages such as Python/Perl/Ruby
- A familiarity with Windows administration
- An understanding of malware analysis and of the malware reverse engineering process
- Programming in C and previous knowledge of assembly will help students, but are not a must
- Laptop with administrative privileges
- Minimum 30 GB HDD and 4 GB RAM
- External USB access
- Virtualization software
- Windows 7 or above
- A copy of IDA Pro version 6.0 or greater
- Custom VM labs will be provided
- RDP Client