CONFidence Online Trainings 2020
10 September 2020, 08:00 (Thursday)
Worldwide

Malware Analysis and Reverse Engineering: High Road
Instructor: Vitali Kremez
Format: 2-day online training
Date: 10-11 September 2020
No. of students: 10-20
Language: English
Prerequisites: Basic to intermediate reverse engineering and programming skills. Working knowledge of debuggers such as x64dbg, OllyDbg, etc. Familiarity with C/C++ and Python.
Requirements: A laptop capable of running two virtual machines with Windows 7 or 8. For static analysis, IDA Pro is preferred, but Ghidra or similar tools are acceptable. For dynamic analysis, the debugger is a matter of preference: OllyDbg, x32dbg, etc. for 32-bit programs, x64dbg for 64-bit programs.
Syllabus:
1. Threat Actor Playbooks
2. Initial Foothold
• Exploit Kit
• Office Macro Malware + Powershell
• CVE-2018-8174 & CVE-2018-4878
3. Credential Theft
• Methodology, Common Techniques
4. Privilege Escalation Techniques
• COM API, LOLBin exploitation
5. Lateral Movement Techniques
6. Injection Technique Analysis
• Process Injection
• Self-Injection (Packers)
• Injection with Hooks (IcedID)
7. Main Stager Analysis - Crimeware, covering:
• PoS Malware, Go-based Malware (RobbinHood), Infostealers, Banking Trojans
• Recognizing Common Encryption Algorithms in Malware
8. Main Stager Analysis - APT, covering:
• Lazarus Malware, APT28 Malware
• Analyzing APT41 Shellcode
9. Post Infection
• Browser Hooking / Browser Password Theft Tools
• Persistence Mechanisms
10. Threat Hunting
• YARA Hunting for Code Reuse
11. Lab 1: Dridex Playbook
12. Lab 2: MuddyWater APT Playbook
This class is designed to train mid-level to advanced practitioners in the logical process of malware and exploit analysis.
Practitioners will learn techniques with hands-on labs involving a variety of tools such as:
• IDA x86/x64 (Plugins)
• OllyDbg
• ProcessHacker & Process Explorer
• CFF Explorer
• Wireshark & TCPDump