Malicious Code Reverse Engineering by IDA
This is the agenda for a reverse engineering training course. We primarily use IDA to analyze several cases, e.g. breaking a password check, malicious code, and DLL injection.
Reverse engineering is recovering the program logic from a binary. The learning objectives of the reverse engineering course are to:
- Use IDA to trace EXE/DLL program logic and API calls
- Manipulate program logic and register values at runtime on a simulated password-cracking (CrackMe) program
- Observe DLL injection behavior
- Observe network communication behavior: downloader, HTTP C&C, sniffer, and packet spoofing
How will the course proceed?
- Use IDA to inspect typical malicious DLLs/EXEs (DLL injection, CrackMe, HTTP C&C, downloader, ...)
- Hands on labs
When registering, please plan your time so that you can attend and participate fully. A 5-minute presentation sharing one of your own troubleshooting cases will be required at the end of the course.
Prerequisites
- Basic Windows OS concepts, e.g. processes and threads.
- Familiarity with IDA or assembly language is nice to have.
Course Name | Malicious Code Reverse Engineering by IDA
Speaker | Tony Hsu
Duration | 6 hours
Language | Chinese
Agenda |
Session 1
- Basic use of IDA Pro
- CrackMe case study
- DLL injection case study
- Downloader case study
- Key logger case study
Session 2
- HTTP connection C&C case study
- OS/VM detection case study
- User-mode rootkit case study
- Homework