
Indicators of Compromise - From Malware Analysis to Eradication

44CON Information Security Conference via YouTube

Overview

This workshop teaches participants how to locate unknown malware on a corporate network, analyse the sample to extract indicators of compromise, and use those indicators to eradicate the malware with freely available tools. Much of the syllabus is taken up by the anti-debugging and anti-analysis techniques an analyst has to get past before those indicators can be extracted: how INT3, memory and hardware breakpoints work and how they can be detected, Windows internals used for debugger detection, process-level protections such as nanomites and stolen bytes, VM detection, and debugger-specific tricks. The format is hands-on, with practical examples and demonstrations. It is intended for anyone interested in malware analysis, cybersecurity and network security.

Syllabus

Intro
About me
Malware Research Lab, 2012
How INT3 breakpoints work
Memory Breakpoints
Hardware breakpoints
Timing
Windows Internals
Debug Object Handle
Thread Hiding
Open Process
Parent Process
UnhandledExceptionFilter
Process Exploitation
Nanomites
Stolen Bytes (Stolen Code)
Virtual Machines (think JVM, not Box)
Guard Pages
Removing the PE Header
Anti-dumping
Exploiting IA-32 Instructions
Interrupt 2D
Stack Segment
Instruction Prefixes
Exploiting IA-32 Instructions
VM Detection
Debugger specific techniques
Other Techniques
Announcement
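The "How INT3 breakpoints work" and "Debugger specific techniques" segments above are about the same mechanism seen from both sides: a debugger plants a software breakpoint by overwriting one byte of code with 0xCC (INT3) and restoring it later, and malware looks for that patch. The block below is an added example written for this listing, not code from the talk or from 44CON. It simulates the debugger's set/restore steps on a constructed six-byte x86 snippet (mov eax, 0xCC ; ret, chosen so that a 0xCC byte is present legitimately as an immediate) and contrasts the naive "scan for 0xCC" check, which false-positives on that immediate, with a checksum over the code region, which only fires when a byte has actually been patched. The helper names and the FNV-1a checksum are this example's own choices.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample "code": x86 mov eax, 0xCC ; ret.
 * The 0xCC inside the immediate is legitimate data, not a breakpoint. */
#define SAMPLE_LEN 6
static const uint8_t sample_code[SAMPLE_LEN] = { 0xB8, 0xCC, 0x00, 0x00, 0x00, 0xC3 };

/* A software breakpoint as a debugger records it: where it wrote 0xCC and what was there. */
typedef struct { size_t offset; uint8_t saved; } sw_breakpoint;

/* Set a breakpoint: save the original byte, then write INT3 (0xCC) over it.
 * Returns 0 on success, -1 if the offset is outside the region. */
int set_sw_breakpoint(uint8_t *code, size_t len, size_t offset, sw_breakpoint *bp)
{
    if (offset >= len) return -1;
    bp->offset = offset;
    bp->saved  = code[offset];
    code[offset] = 0xCC;
    return 0;
}

/* Remove a breakpoint: put the saved byte back (what a debugger does before
 * single-stepping the original instruction). */
void remove_sw_breakpoint(uint8_t *code, const sw_breakpoint *bp)
{
    code[bp->offset] = bp->saved;
}

/* Naive anti-debug check: count 0xCC bytes in the region.
 * It cannot tell a planted INT3 from a 0xCC that belongs to an instruction. */
size_t count_int3_bytes(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0xCC) n++;
    return n;
}

/* Integrity check: 32-bit FNV-1a over the region. Any patched byte changes it,
 * and it is unaffected by 0xCC bytes that were there to begin with. */
uint32_t code_fnv1a(const uint8_t *code, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= code[i];
        h *= 16777619u;
    }
    return h;
}

/* Scenario: number of 0xCC bytes the naive scan sees while a breakpoint sits on the ret. */
size_t int3_count_with_breakpoint(void)
{
    uint8_t buf[SAMPLE_LEN];
    sw_breakpoint bp;
    memcpy(buf, sample_code, SAMPLE_LEN);
    if (set_sw_breakpoint(buf, SAMPLE_LEN, 5, &bp) != 0) return 0;
    return count_int3_bytes(buf, SAMPLE_LEN);
}

/* Scenario: 1 if the checksum changes while the breakpoint is set and
 * returns to the clean value once the debugger restores the byte, else 0. */
int checksum_detects_and_restores(void)
{
    uint8_t buf[SAMPLE_LEN];
    sw_breakpoint bp;
    uint32_t clean, patched, restored;
    memcpy(buf, sample_code, SAMPLE_LEN);
    clean = code_fnv1a(buf, SAMPLE_LEN);
    if (set_sw_breakpoint(buf, SAMPLE_LEN, 5, &bp) != 0) return 0;
    patched = code_fnv1a(buf, SAMPLE_LEN);
    remove_sw_breakpoint(buf, &bp);
    restored = code_fnv1a(buf, SAMPLE_LEN);
    return (patched != clean) && (restored == clean);
}

int main(void)
{
    printf("0xCC bytes in clean code       : %zu (false positive: the immediate)\n",
           count_int3_bytes(sample_code, SAMPLE_LEN));
    printf("0xCC bytes with breakpoint set : %zu\n", int3_count_with_breakpoint());
    printf("checksum detects patch+restore : %s\n",
           checksum_detects_and_restores() ? "yes" : "no");
    return 0;
}
```

The point for the analyst is the one the naive scan illustrates: a byte-level 0xCC search fires on the clean sample, so a packer that relies on it will misbehave on legitimate code, whereas a checksum needs the region to actually have been patched. The same contrast is why hardware and memory breakpoints, which do not touch the code bytes, defeat both checks and are covered separately in the syllabus.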

Taught by

44CON Information Security Conference
