3-DAY TRAINING 3: Advanced Malware Analysis: Combating Exploit Kits


CAPACITY: 20 pax


EUR2599 (early bird)

EUR2999 (normal)

Early bird registration rate ends on the 13th of January


Cyber-criminals are innovating faster than ever, and the cyber-crime industry caused the loss of hundreds of billions of dollars last year across the US and Europe alone. In this course, Advanced Malware Analysis: Combating Exploit Kits, you’ll learn the skills you need to pull apart and analyze exploit kits (an advanced form of malware).
First, you’ll explore the tools and techniques you’ll be using, and analyze events collected by Bromium micro-VMs. Next, you’ll work on unraveling the exploit kits: figuring out which ones were used, what they look like, how to decrypt them, and how to detect them in “the wild.”
Finally, you’ll learn how to conduct safe dynamic analysis of these exploit kits, detect command-and-control (CNC) communication, and share your analyses so that these problems can be remedied. By the end of this course, you’ll not only have a better understanding of what exploit kits are and how to detect them, but you’ll also be able to analyze how they work and report them, so that your data is safer than ever from cyber-crime.

Who Should Attend

Anyone wishing to dig into malware on a deeper level

Key Learning Objectives

How to pull real-world malware apart.

Prerequisite Knowledge

None, but some background in programming and computer architecture will be helpful.

Hardware / Software Requirements

Bring a laptop with VMware Workstation, Player, or Fusion installed. Be sure you have plenty of RAM and disk space to run the supplied VM.


Day 1: Malware Analysis

  • Signatures, hashes, and strings
  • OSINT – leveraging VirusTotal, Malwr, and others
  • Sandboxes – executing malware in a safe environment
  • Monitoring tools during execution – ProcMon, Wireshark, Process Explorer, etc.
  • Understanding file formats – exploring Portable Executables
  • Getting started with IDA – our first sample

Day 2: Distribution and Exploit Kits

  • How malware is spread: spam and spear phishing
    • Office documents/macros
    • JS as an attachment
    • URLs that lead to exploit kits
  • Analyzing an exploit kit from start to finish
    • Server compromise
    • Malicious JS
    • Exploit
    • Looking at the malware – intermediate IDA

Day 3: Advanced Analysis

  • Looking at the exploit – reversing Flash with JPEXS
  • Reversing the malware
    • Defeating packing/obfuscation
    • Static analysis on the binary
  • Automation through IDAPython
  • Moving-target communications (domain generation algorithms)
  • Customizing reports: from researchers to CISOs

Location: Training Rooms

Date: April 10, 2017

Time: 9:00 am - 6:00 pm

Trainer: Dr. Jared DeMott