- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
San Francisco, CA - April 19 - 21, 2009
- Event Location & Info
- Faculty
- Vendor Expo
- General Info
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
The perfect balance of theory and hands on experience.
-James d. Perry II, University of Tennessee
Reverse-Engineering Malware: The Essentials of Malware Analysis
Sunday, April 19, 2009 - Monday, April 20, 2009 : 9am - 5pmLenny Zeltser, SAVVIS
6 CPE Credits Per Day
Expand your capacity to fight malicious code by learning how to analyze bots, worms, and trojans. This two-day course discusses the essential techniques for examining malware using a variety of system monitoring tools, a disassembler, and a debugger. You don't have to be a full-time malware searcher to benefit from this course — as organizations increasingly rely on their staff to act as first responders during a security incident, malware analysis skills become increasingly important.
By covering both behavioral and code analysis approaches, this unique course provides a rounded approach to reverse-engineering. As a result, the course makes malware analysis accessible even to individuals with a limited exposure to programming concepts. The materials do not assume that the students are familiar with reverse-engineering; however, the difficulty level of concepts and techniques increases quickly as the course progresses.
This course covers the key aspects of reverse-engineering malicious code. The instructor explains how to set up an inexpensive and flexible laboratory for understanding inner-workings of malware, and demonstrate the process by exploring capabilities of real-world specimens. You will learn to examine the program's behavioral patterns and assembly code, and study techniques for bypassing common code obfuscation mechanisms. The course also takes a look at analyzing browser-based malware.
Hands-on workshop exercises are an essential aspect of this course and allow you to apply reverse-engineering techniques by examining malicious code in a carefully-controlled environment. When performing the analysis, you will study the supplied specimens' behavioral patterns, and examine key portions of their assembly code.
Those students who wish to continue studying tools and techniques for malware analysis may be interested in taking the follow-up course from SANS Institute, SEC602: Reverse-Engineering Malware: Additional Tools and Techniques.
- Who Should Attend
- You will benefit from this course if your job ever requires you to understand key aspects of malicious programs.
- Individuals who found this course particularly useful often had responsibilities in the areas of incident handling, forensic analysis, Windows security, and system administration.
- Attendees of this course often focus on supporting their organizations’ internal security needs. The class also frequently includes engineers from security product and service companies who are looking to deepen their malware analysis expertise.
- Topics Covered by the Course Include
- Configuring the laboratory environment
- Assembling the analysis toolkit
- Performing behavioral and code analysis
- Bypassing authentication mechanisms
- Reverse-engineering protected executables
- Intercepting network connections
- Patching compiled executables
- Examining shellcode
- Analyzing browser-based malware
- Malware analysis shortcuts
- You Will Learn to Analyze Malware Using Tools Such As
- System Monitor, Process Explorer, Regshot
- BinText, LordPE, FireBug, VMware
- IDA Pro, OllyDbg, OllyDump
- Snort, NetCat, Honeyd, fakeDNS
- Prerequisites
- Students should have a computer system that matches the stated laptop requirements: some software needs to be installed before you come to class.
- Students should be familiar with using Windows and Linux operating environments and be able to troubleshoot general connectivity and setup issues.
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy