* Cantinho Satkeys

Refresh History
  • FELISCUNHA: ghyt74   49E09B4F  e bom feriado   4tj97u<z
    Hoje às 10:39
  • JPratas: try65hytr Pessoal  h7ft6l k7y8j0
    Hoje às 03:51
  • j.s.: try65hytr a todos  4tj97u<z
    30 de Outubro de 2024, 21:00
  • JPratas: dgtgtr Pessoal  4tj97u<z k7y8j0
    28 de Outubro de 2024, 17:35
  • FELISCUNHA: Votos de um santo domingo para todo o auditório  k8h9m
    27 de Outubro de 2024, 11:21
  • j.s.: bom fim de semana   49E09B4F 49E09B4F
    26 de Outubro de 2024, 17:06
  • j.s.: dgtgtr a todos  4tj97u<z
    26 de Outubro de 2024, 17:06
  • FELISCUNHA: ghyt74   49E09B4F  e bom fim de semana
    26 de Outubro de 2024, 11:49
  • JPratas: try65hytr Pessoal  101yd91 k7y8j0
    25 de Outubro de 2024, 03:53
  • JPratas: dgtgtr A Todos  4tj97u<z 2dgh8i k7y8j0
    23 de Outubro de 2024, 16:31
  • FELISCUNHA: ghyt74  pessoal   49E09B4F
    23 de Outubro de 2024, 10:59
  • j.s.: dgtgtr a todos  4tj97u<z
    22 de Outubro de 2024, 18:16
  • j.s.: dgtgtr a todos  4tj97u<z
    20 de Outubro de 2024, 15:04
  • FELISCUNHA: Votos de um santo domingo para todo o auditório  101041
    20 de Outubro de 2024, 11:37
  • axlpoa: hi
    19 de Outubro de 2024, 22:24
  • FELISCUNHA: ghyt74   49E09B4F  e bom fim de semana  4tj97u<z
    19 de Outubro de 2024, 11:31
  • j.s.: ghyt74 a todos  4tj97u<z
    18 de Outubro de 2024, 09:33
  • JPratas: try65hytr Pessoal  4tj97u<z classic k7y8j0
    18 de Outubro de 2024, 03:28
  • schmeagle: iheartradio
    17 de Outubro de 2024, 22:58
  • j.s.: dgtgtr a todos  4tj97u<z
    17 de Outubro de 2024, 18:09

Autor Tópico: Advanced Ransomware Reverse Engineering  (Lida 289 vezes)

0 Membros e 1 Visitante estão a ver este tópico.

Online mitsumi

  • Moderador Global
  • ***
  • Mensagens: 115351
  • Karma: +0/-0
Advanced Ransomware Reverse Engineering
« em: 20 de Outubro de 2019, 16:34 »

Advanced Ransomware Reverse Engineering
.MP4 | Video: 1280x720, 30 fps(r) | Audio: AAC, 48000 Hz, 2ch | 900 MB
Duration: 1 hours | Genre: eLearning Video | Language: English

Reverse engineering. Advanced Debugging, Obfuscations and Anti-Analysis. Writing decryptors

What you'll learn

    This course is a continuation of our first class, Reverse Engineering Malware, but don't worry, that is not a pre-requisite. You can start with this course and just dive in. However, if you feel like starting from the basics, we encourage you to check it out!
    Identify and work around anti-virtualisation techniques deployed inside malware samples
    Dynamic analysis of sample's activity on a Windows box
    Advanced debugging techniques
    Use static analysis to discover and understand encryption algorithms
    Discover, and work-around, obfuscation tricks and anti-static analysis tricks
    Discover flaws that allow us to recover encrypted files
    Write decryptors in Python and C
    Patience and a lot of perseverance to "try harder"

Requirements

    A computer that can run a Windows virtual machine.
    An interest in disassembling things and understanding how they work!
    Basic assembly knowledge about common instructions, registers, conditional branches
    Basic programming knowledge and ability to understand simple Python and C source code

Description

Hello and welcome to our Advanced Reverse Engineering Ransomware class!

This course is a continuation of our first class, Reverse Engineering Malware, but don't worry, that is not a pre-requisite. You can start with this course and just dive in. However, if you feel like starting from the basics, we encourage you to check it out!

The aim of this course is to provide a practical approach to analysing ransomware. More specifically, we will attack the following topics:

    Identify and work around anti-virtualisation techniques deployed inside malware samples

    Dynamic analysis of sample's activity on a Windows box

    Advanced debugging techniques

    Use static analysis to discover and understand encryption algorithms

    Discover, and work-around, obfuscation tricks and anti-static analysis tricks

    Discover flaws that allow us to recover encrypted files

    Write decryptors in Python and C

The course begins by going through the necessary precaution measures when working with malware, then quickly dives in analysing actual samples. Since Windows is by far the most popular target platform, we will focus on this operating system.

Neither professional programming experience nor assembly language knowledge are required to benefit from the course, although they would be very helpful when we'll look at identifying encryption algorithms and bypass anti-virtualisation checks. The concepts will be explained in a clear and concise manner and additional resources will be recommended.

Some programming experience will be very beneficial when we'll start writing decryptors. However, the focus will be mostly on understanding the algorithms and specifically what information we need to do successful decryptions. For this reason, full Python and C source code will be provided.

To get the most out of this course, we recommended to exercise all the steps described within the lectures and whenever a concept or idea is not fully explained or clearly understood, either reached out with questions on the Q&A section or consult online resources.

Why take this course?

Mostly because you like a practical malware analysis course focused on a real threat - ransomware. Also because you're curious how ransomware are reversed by people or companies that routinely write public decryptors.

This course intention is to be useful and interesting to everybody involved in information security and malware analysis, from students to security testers and forensic investigators.

If you decide you love reverse engineering and wish to further develop your skills, other resources will be suggested along the way.

The course will explain how to use process monitoring tools, hex editors, debuggers and disassemblers.

A lot of the concepts and analysis strategies presented here apply to analysing malware in general.

Once you have completed this training course, you will be more confident and capable to identify anti-virtualisation and anti-static analysis tricks.

You will also be able to debug your samples in any debugger and disassembler.

You will be able to identify encryption algorithms and write decryptors for your own samples.

Samples and scripts are included, so you can follow along with us throughout the lessons. IDA scripts, Python and C source code is provided for various tasks needed throughout the class.

Who is this course for?

This course is for anyone interested in information security in general and malware analysis in particular, including but not only:

    Security testers

    Malware analysts

    Forensics investigators

    System administrators

    Information security students

Who this is not?

    This course is not an introduction to malware. It only focuses on the sub-topic of ransomware.

    Basic experience with assembly and programming languages will be very helpful, because this is not an introduction to assembly.

    Although safety issues are presented, this is not a tutorial on how to configure a malware analysis virtual environment.

    Although general information is presented, this is not an elaborate high-level description of ransomware.

    Solutions for attempting to reverse the encryption process and recover files are presented, but this is not a course about how to prevent ransomware in the first place.

    Basic familiarity with reverse engineering concepts would be very useful, because this is not an introduction to reverse engineering.

    Although it should be obvious, this is not a tutorial on how to write better ransomware.

What am I going to get?

    The lectures, videos and other resources will provide you with relevant information about current malware analysis tricks

    You will learn how to confidently use any debugger and disassembler

    You will learn to identify flaws in the                                                                                                                                                                                                ransomware code or encryption logic

    You will learn how to write scripts for IDA Pro

    You will get a relevant quiz at the end to test your understanding

    Python and C source code for the decryptors and IDA scripts

Minimum requirements :

At minimum, you will have:

    A computer that can run a Windows virtual machine.

    An interest in disassembling things and understanding how they work!

    Basic assembly knowledge about common instructions, registers, conditional branches

    Basic programming knowledge and ability to understand simple Python and C source code

Who this course is for:

    Security testers
    Malware analysts
    Forensics investigators
    System administrators
    Information security students
       

               

Download link:
Só visivel para registados e com resposta ao tópico.

Only visible to registered and with a reply to the topic.

Links are Interchangeable - No Password - Single Extraction