This beginner's workshop introduces students to the basics of malware analysis. This includes how to source new malware samples for practice as well as where to find resources for self-directed learning going forward. Students will learn how triage malicious email attachments as well as how to work with automated malware analysis tools. As a capstone exercise, students will learn the basics of manual dynamic malware analysis using a controlled lab environment.

This workshop examines how to use the Qiling instrumented binary emulation framework to analyze PE malware executables. Students will learn about how to interact with the framework using Python code to detect execution conditions and to dynamically run custom analysis code. Specific skills the student will learn are dumping memory containing the next malware stage for further analysis as well how to circumvent anti-analysis features added to the malware by the adversary with the intent of foiling the malware analyst.