DURATION: 2 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: REGISTRATION CLOSED
PRICE: USD1499 / MYR4999 (early bird)
USD1899 / MYR6199 (normal)
Early bird registration rate ends on the 1st of August
Overview
Targeted attacks normally leverage malicious documents to attack the victim. The buzzword APT, or Advanced Persistent Threat, was coined out of this kind of attack. Attackers carefully craft their malicious documents and send them to the target through spear-phishing email or the web. We have observed many attacks trying to abuse vulnerabilities in HTML, Office, Flash and PDF documents. As users are less cautious when opening document files, malicious document files have become quite a successful attack vector. Many office-related documents such as *.doc, *.xls and *.pdf are used in combination with malicious Flash or JavaScript in these attacks to provide better obfuscation or a more reliable exploitation technique.
This hands-on workshop will highlight techniques and issues related to analyzing malicious document files (Office, Flash and PDF). The workshop will walk participants through how to analyze in-the-wild malicious documents. We'll share how to analyze malicious document files using a few techniques and methods against different office file formats. Shellcode analysis will be conducted as well to get the whole picture of the anatomy of a malicious document attack.
By the end of this course, students will be able to analyze malicious document files, and will know how to solve the obfuscation techniques used and how to extract the payload in order to perform further analysis.
Course Outline:
We expect participants to have basic knowledge of exploit structure, as well as shellcode. We'll provide a VM training image for the training.
Pedagogic Methods Used to Teach Material (lecture, hands-on labs, demonstrations, group exercises, etc.):
Lectures, hands-on labs, demonstrations and group exercises will be used.
Who Should Take This Class + Student Requirements, experience/expertise:
Attendees should have an understanding of software development practices. General knowledge of software security and general knowledge of reverse engineering are recommended, but not required. For attendees with no software security background, a few reading materials related to malicious document analysis are recommended (Google is a good start).
Student Requirements, equipment/software students must furnish:
Students should install VirtualBox on their machine, with at least 2GB of RAM, to ensure the efficiency and speed of VM operation.