APT Malware Analysis with Hands-On Labs

這堂課為了接近真實的環境，課程中會提供一個 Virtual Machine image，Image 中包含所有需要的分析工具與相關的病毒。對病毒做靜態分析、動態分析、反向工程等。整個課程分析 10+種病毒，10+種分析工具。

The learning objective is malware analysis by 100+ hands-on labs:

Memory dump analysis to identify suspicious running process, loaded LL, connections
PE file Static analysis by YARA, PEiD
Reverse engineering with IDA
Dynamic analysis with systemInternals tools
Analyze suspicious obfuscation (encoded) JavaScript manually
Wireshark for analysis network traffic analysis of APT malware
Opensource and Cloud Sandbox for malware analysis
Hands-on tutorial analysis for Malware samples such as Windows PE/EXE, DLL, SYS, PDF, HTML/JavaScript malware analysis, captured PCAP (network traffic), memory dump of infected APT host

Prerequisite

Evaluation

課程大綱

Course Name

Malware Analysis with Hands-On Labs

Duration

18 hours

Language

English

Target Audience

Attendee whom may be interested or involved with

Agenda

Session 1	Malware Analysis Report Anonymizing Activities Malware Source Static PE file Analysis by PEStudio, Strings, PEiD, YARA, TrID Case Study: Static Malware Analysis Lab 01~03
Session 2	Cloud sandbox analysis Case Study: FakeAV Downloader Analysis by WireShark Analysis Domain, IP Geo-Mapping IP Addresses With Python Case study: How to de-obfuscation JavaScript
Session 3	How to analyze memory dump for malicious activities? Case study: Infected APT hosts’ Memory dump analysis by “Volatility ” Case Study: Infected Network APT downloader Analysis by Wireshark
Session 4	Dynamic Malware Analysis with SystemInternals Case Study: Dynamic & Static Malware Analysis Lab 04~ 15 Case Study: Dynamic & Static Malware Analysis Lab 08~ 15