Victor Chebyshev is a Security Expert at Kaspersky Lab, where he researches mobile malware. He graduated from Moscow Institute of Electronics and Mathematics. During his studies, he became interested in reverse engineering and malware analysis. After graduation, he changed jobs several times before landing a position as an Information Security Specialist. Kaspersky Lab hired Chebyshev as a Junior Malware Analyst in January 2009. By 2013 he was promoted to Non-Windows Malware Research Group Manager and then, in 2015, to Security Expert. Today Chebyshev is an experienced specialist with deep knowledge of Android, Linux and Mac OS malware.
This course is meant as a practical course on malware reverse engineering and analysis for beginners. It will start with an introduction to the main concepts and terms needed, as well as an assembly language crash course for those with no prior experience. We will learn what approaches and tools can be used and how to perform static and dynamic analysis of malicious executables for multiple platforms – Windows, Linux, MacOS and Android. The course will also cover some of the more advanced topics on software vulnerabilities and exploits analysis, reverse engineering byte-code and script languages, automating reverse engineering tasks, unpacking, deobfuscating and dynamic binary instrumentation.
SKILLS:
- Information Security
- Penetration Testing
- IDS
- Network Security
- Security Audits
DATE: 12 – 30 Mar, 2018
DURATION: 3 Weeks
LECTURES: 3 Hours per day
LANGUAGE: English
LOCATION: Barcelona, Harbour.Space Campus
COURSE TYPE: Offline
Session 1
Introduction to the main reverse engineering concepts and terms
Setting up the needed software and a safe environment. Processor architectures, CISC vs RISC, data types, endianness, main purpose hardware registers, virtual memory and memory addressing, stack and stack frame.
Session 2
Introduction to x86 and x64 Architecture and Assembly
Function epilogue and prologue. Calling conventions. Register set and instruction set. Finding C code constructs in Assembly. Practice: Assembly Hands-on and Exercises.
Session 3
Windows OS Architecture and Static Analysis
Windows Architecture overview. Kernel mode vs user mode. Portable Executable file format. Compiler, Assembler and Linker. Practice: Working with PE files, Determining compiler, Quick static malware analysis. Reverse Engineering C and C++ code using HIEW and IDA Pro.
MALWARE REVERSE ENGINEERING
The ability to dissect and analyse executables and scripts, and to understand what they do, is becoming an important skill not only for information security engineers, but for almost any IT-related specialist. The hands-on, practice-oriented format of this course will allow students to rapidly obtain the skills needed for static and dynamic analysis. As a result, students will gain a deeper and more thorough understanding of applications and operating systems. They will learn how to analyse and reverse engineer software, avoid common software bugs exploited by attackers, and build better, more secure applications.
VLADISLAV
STOLYAROV
HARBOUR.SPACE UNIVERSITY
Vlad focuses on all sorts of vulnerability research and on advanced exploit detection and prevention. He is an active CTF player.
He received bachelor's and master's degrees from Moscow Technical University of Communications and Informatics and the Higher School of Economics.
Session 4
Dynamic Analysis and Debugging
Monitoring Windows APIs. Using system monitoring utilities to capture file system, registry and network activity. Debugging Windows applications using x64dbg and WinDbg. Practice: Dynamic malware analysis and debugging exercises. Determining sample functionality.
BORIS LARIN
Boris has more than 7 years of experience in Reverse Engineering. His work on code deobfuscation won the contest among 3000 other submissions in the International Cyber World Competition.
At Kaspersky Lab, he is responsible for the detection and prevention of advanced threats, such as exploits, using all modern antivirus technologies.