2023-09-10, 12:00–14:00 (Europe/Berlin), Pupin
This beginner's workshop introduces students to the basics of malware analysis. This includes how to source new malware samples for practice as well as where to find resources for self-directed learning going forward. Students will learn how to triage malicious email attachments as well as how to work with automated malware analysis tools. As a capstone exercise, students will learn the basics of manual dynamic malware analysis using a controlled lab environment.
A common question from individuals who are curious and fascinated by malware analysis is "I want to learn malware analysis: where do I start?". This workshop is meant to be that starting place. The workshop is composed of a series of modules. The first module covers resources for a malware analyst, including where to source new malware samples, tools for malware analysis, and learning resources. The second module covers how to triage a malicious email. This includes how to extract and decode malicious email attachments without using a mail client, as well as how to safely handle malware samples in your lab environment. The third module covers how to work with automated malware analysis environments, also known as malware sandboxes. The fourth and final module for this level of workshop is how to work in a controlled lab environment to load a malware sample in a debugger and to observe malware behavior in the environment, including file activity, registry changes, and network activity.
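The second module's first step, pulling an attachment out of a message without opening it in a mail client, can be done with nothing but the Python standard library. The following is an added example written for this listing; it is not the workshop's own material. The `.eml` text is a constructed sample (a 16-byte stub beginning with the `MZ` bytes stands in for a real attachment), and `safe_output_name` is a hypothetical helper that names the extracted file by its SHA-256 with a `.bin` extension so it is not accidentally executed in the lab.

```python
import email
import hashlib
from email import policy

# Constructed sample message for the example: a short text body plus one
# base64-encoded attachment. The payload is a 16-byte stub beginning with
# the bytes "MZ"; it is not a real executable.
SAMPLE_EML = b"""From: sender@example.invalid
To: analyst@example.invalid
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Please see attached.
--XYZ
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--XYZ--
"""


def extract_attachments(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return its decoded attachments.

    Each entry carries the declared filename and MIME type, the decoded
    size, the SHA-256 of the decoded bytes, and the bytes themselves.
    The message body (inline text) is deliberately not included.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        # decode=True undoes the Content-Transfer-Encoding (base64 here)
        data = part.get_payload(decode=True) or b""
        results.append({
            "filename": part.get_filename() or "unnamed",
            "content_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "data": data,
        })
    return results


def safe_output_name(info: dict) -> str:
    """Hypothetical helper: name the file by hash with a neutral extension.

    Dropping the original extension means a stray double-click in the lab
    VM will not run the sample, and the hash is what you search for in
    sandbox reports and sample repositories.
    """
    return f"{info['sha256']}.bin"


def triage_summary(raw: bytes) -> list:
    """Return the per-attachment facts an analyst records first."""
    return [
        {
            "filename": a["filename"],
            "content_type": a["content_type"],
            "size": a["size"],
            "sha256": a["sha256"],
            "store_as": safe_output_name(a),
        }
        for a in extract_attachments(raw)
    ]


if __name__ == "__main__":
    for entry in triage_summary(SAMPLE_EML):
        print(entry)
```

Replace `SAMPLE_EML` with the bytes of a saved `.eml` file (`open(path, "rb").read()`) and write each `data` field to the lab VM under its `store_as` name; the message body is never rendered, so no HTML or remote content from it is loaded.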
Everything needed for this workshop is provided in self-contained cloud lab environments generated separately for each student. The only requirements are that the student's workstation have a working wireless NIC that can connect to the workshop wifi network and a fully updated Chrome browser. Students should leave the workshop feeling confident in knowing the next steps in their quest for learning malware analysis.
Robert Simmons is Principal Malware Researcher at ReversingLabs. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others.
Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.