Reversing & malware analysis training part 1 lab setup guide

•Download as PPTX, PDF•

17 likes•28,613 views

This presentation is part of our Reverse Engineering & Malware Analysis Training program. For more details refer our Security Training page http://securityxploded.com/security-training.php

Technology

Disclaimer
The Content, Demonstration, Source Code and Programs presented here
is "AS IS" without any warranty or conditions of any kind. Also the
views/ideas/knowledge expressed here are solely of the trainer’s only and
nothing to do with the company or the organization in which the trainer is
currently working.

However in no circumstances neither the trainer nor SecurityXploded is
responsible for any damage or loss caused due to use or misuse of the
information presented here.

www.SecurityXploded.com

Acknowledgement
 Special thanks to null & Garage4Hackers community for their extended
support and cooperation.
 Thanks to all the trainers who have devoted their precious time and
countless hours to make it happen.

www.SecurityXploded.com

Reversing & Malware Analysis Training

This presentation is part of our Reverse Engineering & Malware
Analysis Training program. Currently it is delivered only during our local
meet for FREE of cost.

For complete details of this course, visit our Security Training page.

www.SecurityXploded.com

Who am I #1
Amit Malik (sometimes DouBle_Zer0,DZZ)
 Member SecurityXploded & Garage4Hackers
 Security Researcher
 RE, Exploit Analysis/Development, Malware Analysis
 Email: m.amit30@gmail.com

www.SecurityXploded.com

Who am I #2
Swapnil Pathak
 Member SecurityXploded
 Security Researcher
 RE, Malware Analysis, Network Security
 Email: swapnilpathak101@gmail.com

www.SecurityXploded.com

Introduction
 This Guide is specific to our course

 Although it will cover most of the tools and techniques for
an analysis environment

 Our main focus is on the famous tools

www.SecurityXploded.com

Virtualization
 Run multiple OS on the single hardware at the same time.

 Advanced functionalities like Snapshot, Revert Back, pause
etc.

 Automation

 Controlled environment

www.SecurityXploded.com

Virtualization Tools
 VmWare (Commercial)

 VirtualBox (Open Source – free)

 Images – XpSp2, XpSp3

www.SecurityXploded.com

VirtualBox Image

www.SecurityXploded.com

Tools Development
 Compiler/IDE
 Dev C++ (Free) - preferred

 Microsoft Visual C++ (Commercial)

 Assemblers
 MASM (Free) -preferred

 NASM (Free)

 Winasm (IDE) (Free)

 Interpreters
 Python (Free)

www.SecurityXploded.com

Tools Reverse Engg.
 Disassembler:

 IDA Pro (Download free version)

 Debuggers

 Ollydbg

 Immunity Debugger

 Windbg

 Pydbg (optional)

www.SecurityXploded.com

Tools Reverse Engg. Cont.
 PE file Format
 PEview, PEbrowse, LordPE, ImpRec, Peid, ExeScan

 Process Related
 ProcMon, Process explorer

 Network Related
 Wireshark, TcpDump, Tshark, TCPView

 File, Registry Related
 Regshot, filemon, InstallwatchPro, CaptureBat

www.SecurityXploded.com

Tools Reverse Engg. Cont.
 Misc.

 CFFExplorer, Notepad++, Dependency Walker,
Sysinternal tools

 If something additional is required then we will cover that in
the respective lecture

www.SecurityXploded.com

Reference
 Complete Reference Guide for Reversing & Malware
Analysis Training

www.SecurityXploded.com

What's hot

Reversing & malware analysis training part 2 introduction to windows internals

securityxploded

Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]

securityxploded

Reversing & malware analysis training part 3 windows pe file format basics

securityxploded

Primer on password security

securityxploded

Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques

securityxploded

Reversing & Malware Analysis Training Part 13 - Future Roadmap

securityxploded

Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...

securityxploded

Advanced Malware Analysis Training Session 8 - Introduction to Android

securityxploded

Anatomy of Exploit Kits

securityxploded

Application Virtualization

securityxploded

Advanced malware analysis training session 7 malware memory forensics

Cysinfo Cyber Security Community

Advanced malwareanalysis training session2 botnet analysis part1

Cysinfo Cyber Security Community

Reversing malware analysis training part11 exploit development advanced

Cysinfo Cyber Security Community

Reversing malware analysis training part7 unpackingupx

Cysinfo Cyber Security Community

Advanced malware analysis training session5 reversing automation

Cysinfo Cyber Security Community

Defeating public exploit protections (EMET v5.2 and more)

securityxploded

Reversing malware analysis training part6 practical reversing

Cysinfo Cyber Security Community

Hunting Rootkit From the Dark Corners Of Memory

securityxploded

Advanced malware analysis training session8 introduction to android

Cysinfo Cyber Security Community

Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)

securityxploded

What's hot (20)

Reversing & malware analysis training part 2 introduction to windows internals

Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]

Reversing & malware analysis training part 3 windows pe file format basics

Primer on password security

Advanced Malware Analysis Training Session 4 - Anti-Analysis Techniques

Reversing & Malware Analysis Training Part 13 - Future Roadmap

Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...

Advanced Malware Analysis Training Session 8 - Introduction to Android

Anatomy of Exploit Kits

Application Virtualization

Advanced malware analysis training session 7 malware memory forensics

Advanced malwareanalysis training session2 botnet analysis part1

Reversing malware analysis training part11 exploit development advanced

Reversing malware analysis training part7 unpackingupx

Advanced malware analysis training session5 reversing automation

Defeating public exploit protections (EMET v5.2 and more)

Reversing malware analysis training part6 practical reversing

Hunting Rootkit From the Dark Corners Of Memory

Advanced malware analysis training session8 introduction to android

Reversing & Malware Analysis Training Part 6 - Practical Reversing (I)

Similar to Reversing & malware analysis training part 1 lab setup guide

Reversing & malware analysis training part 1 lab setup guideAbdulrahman Bassam

Reversing malware analysis training part1 lab setup guide

Cysinfo Cyber Security Community

Reversing & malware analysis training part 5 reverse engineering tools basics Abdulrahman Bassam

Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam

Reversing & malware analysis training part 7 unpacking upxAbdulrahman Bassam

Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam

Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam

Reversing & malware analysis training part 2 introduction to windows internalsAbdulrahman Bassam

AppSec California 2016 - Making Security Agile

Oleg Gryb

Reversing & malware analysis training part 9 advanced malware analysisAbdulrahman Bassam

Reversing & malware analysis training part 11 exploit development advancedAbdulrahman Bassam

Best free tools for win database adminConcentrated Technology

Best free tools for w d aConcentrated Technology

Making Security Agile

Oleg Gryb

Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing. It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.

Dev{sec}ops

Steven Carlson

GNUCITIZEN Dwk Owasp Day September 2007

guest20ab09

App lockerConcentrated Technology

Penetration testing dont just leave it to chance

Dr. Anish Cheriyan (PhD)

Reversing & malware analysis training part 3 windows pe file format basicsAbdulrahman Bassam

Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf

lior mazor

Similar to Reversing & malware analysis training part 1 lab setup guide (20)

Reversing & malware analysis training part 1 lab setup guide

Reversing malware analysis training part1 lab setup guide

Reversing & malware analysis training part 5 reverse engineering tools basics

Reversing & malware analysis training part 12 rootkit analysis

Reversing & malware analysis training part 7 unpacking upx

Reversing & malware analysis training part 10 exploit development basics

Reversing & malware analysis training part 8 malware memory forensics

Reversing & malware analysis training part 2 introduction to windows internals

AppSec California 2016 - Making Security Agile

Reversing & malware analysis training part 9 advanced malware analysis

Reversing & malware analysis training part 11 exploit development advanced

Best free tools for win database admin

Best free tools for w d a

Making Security Agile

Dev{sec}ops

GNUCITIZEN Dwk Owasp Day September 2007

App locker

Penetration testing dont just leave it to chance

Reversing & malware analysis training part 3 windows pe file format basics

Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf

Recently uploaded

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Knowledge engineering: from people to machines and back

Elena Simperl

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

The Future of Platform Engineering

Jemma Hussein Allen

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Recently uploaded (20)