How to Protect Yourself and Your Company Against Sneaky Malware by Designing a Tricky Ransomware!
In this workshop, you will learn hands-on how to analyze modern malware using static and dynamic analysis techniques in a sandbox environment. Furthermore, you will learn how to identify sneaky malware by creating new malware (e.g., ransomware) for educational purposes. This practice will show you how to understand malware internals, follow the attacker's reasoning, and anticipate techniques that other malware may use. Moreover, I will discuss and practice several critical techniques that sophisticated malware writers use nowadays to circumvent standard protection systems (e.g., AV engines and firewalls). At the end of the day, you will be able to analyze advanced malware and protect yourself and your company against different kinds of deceptive and tricky malware such as ransomware, backdoors, and trojans.
- Apr 1 | Online | 1 day | 12:00 - 18:00 UTC | 450 USD
What you'll learn:
- The differences between the categories of malware seen in real-world hacking and ethical hacking, such as ransomware, trojans, and keyloggers
- Java basics in order to design a case study malware
- Common cryptographic algorithms (by visual examples) used in ransomware
- Malware internals and how a malware designer thinks!
- How sophisticated malware bypasses security mechanisms such as antivirus engines
- How to set up a practical sandbox environment for malware analysis
- How to perform malware analysis by static code analysis
- How to analyze potential malicious executable paths via call-graph extraction
- How to perform dynamic taint tracking to catch dynamic code generation and malicious libraries installed by program updates
- How to write a technical report and publish your results effectively
Mohammadreza is a software security researcher and program analysis enthusiast. He is particularly interested in studying various techniques for fuzzing and testing COTS binaries. In this regard, he has successfully implemented several practical security testing frameworks, such as Tainer (for Java), RustFuzz (for Rust), and Etherolic (for Ethereum). The results of his research projects have been published in top-notch conferences and journals and have received various awards. Mohammadreza currently works as a postdoc researcher in Cyber Security at Virginia Tech as well as an adjunct assistant professor at Arden University in Berlin. Mo used to work for the University of Potsdam, CISPA, and Oracle Labs. He is also the founder and CEO of PersimmonWeb, a software startup. Currently, Mohammadreza lives in Berlin, and he likes cycling, photography, writing, and mixing electronics.
For more information, check out his personal website: http://ashoury.de
- You should have a basic understanding of operating systems (e.g., Windows, Linux) and networks, and a little programming knowledge (e.g., variables, arrays, loops)