- Windows Insecurity & Side steeping
- APT Groups
- Detailed attacks tactics
- President fraud & Phishing
Malware Threat Landscape (lecture)
- History: from Virus to Malware, history of evolution towards monetization.
- Discovery of different types and capabilities of malware.
- Identification and detection issues.
- Overview of the infrastructures used.
- Network infrastructures (botnets)
- Fastflux networks.
- Classic schemes of compromise.
- Compromise paths
- Remarkable malware: Overview of current malware families.
Reactions Preparation ( detection, reaction, lessons learn and start again)
- Logs preparation
- Time setup
- Security preparation
- What is needed, How to be ready to mitigate (Ids, Honey, RPZ Dns)
- Communications setup
- Why, How, External communication, Public communication
- Goal and Limitations
- Osint Data sources
- Att&ck and Kill Chain framework
- Available tools
Malware analysis essentials
- Objectives of the analysis of a malware.
- Prerequisites for analysis
- Windows internal operation & user lands process.
- Introductions to the assembler x86 / 64.
- Identification and detection techniques.
- Artifacts, Yara, Threat Intelligence
- Hunting principles
- Static Analysis vs Dynamic Analysis & Sandboxing.
- Pros and cons; Decompilers & disassemblers.
The work of a CSIRT Team
- Evidences collection 101
- How to take evidences (Art of memory and Disk dump)
- Sandbox (usage, benefits and restrictions)
- Basic tooling (Volatility, Sysinternals, Detection tools)
- Containment and reactions
- Appropriate actions to appropriate threats.
- How to face External Threat
- How to face Internal threat
- Organisation of a CSIRT team
- Tools Needed and organisation
- The SIM3 approach
- Teams and Organisations
- Practical study of a dropper via document office.
- Office files and script droppers
- How office documents are used
- VBA Document analyse
- VBA Obfuscations
- Tools for un-obfuscation
- Identification and sorting of a malware from a memory image.
- Detect and find user land threats
- Getting started with Volatility, Yara, and Threat intelligence.
- Static analysis of malware.
- Deployment of a threat Intelligence data bus
- Hand’s on IntelMQ