SecurityXploded.com
Reference Guide to Reverse Engineering & Malware Analysis Training

Reference Guide - Malware Analysis Training Series

Here is the complete reference guide to all sessions of our Reverse Engineering/Malware Analysis & Advanced Malware Analysis Training program.

Adv Malware Analysis Training Session 11 - (Part 2) Dissecting the HeartBeat RAT Functionalities
  1. Pulsing the HeartBeat APT
  2. HeartBeat APT Targeting Attack
Adv Malware Analysis Training Session 10 - (Part 1) Reversing & Decrypting Communications of HeartBeat RAT
  1. The HeartBeat APT Campaign
  2. Pulsing the HeartBeat APT
  3. HeartBeat APT Targeting Attack
Adv Malware Analysis Training Session 8 - Introduction to Android
  1. The Android Dalvik Virtual Machine Architecture
  2. Collection of Android Security Resources
  3. ExploitMe Mobile by Security Compass
  4. Open Source database of Android Malware
Adv Malware Analysis Training Session 7 - Memory Forensics
  1. Volatility - Advanced Memory Analysis Framework
  2. Volatility Research Blog
  3. MoonSols Windows Memory Toolkit
  4. PyMal - The Malware Analysis Framework
Adv Malware Analysis Training Session 6 - Sandbox Analysis
  1. CWSandbox :: Behavior-based Malware Analysis System
  2. Cuckoo Sandbox - Open source automated malware analysis
  3. Capture BAT - Malware behavioral analysis tool
  4. INetSim - Software for Network Behaviour Analysis of Malware
  5. Anubis: Online Malware Analysis Service
Adv Malware Analysis Training Session 5 - Reversing Automation
  1. IDAPython in a Nutshell
  2. API Call Tracing - PEfile, PyDbg and IDAPython
  3. pefile - Python module for PE (Portable Executable) Files
  4. Book: Grey Hat Python
  5. Malpimp - Advanced API Tracing Tool
Adv Malware Analysis Training Session 4 - Anti-Analysis Techniques
  1. The Ultimate Anti-Debugging Reference
  2. Anti-Debugging – A Developers View
  3. Anti-Debugging with Exceptions
  4. AntiRE – An executable collection of Anti-Reversing Techniques
Adv Malware Analysis Training Session 3 - Botnet Analysis Part II
  1. Dynamic Taint Analysis and forward Symbolic Execution
  2. Taint Checking - Introduction
  3. Dytan: A Generic Dynamic Taint Analysis Framework
  4. Valgrind - Framework for building dynamic analysis tools
  5. Taint Analysis for Automatic Malware Detection
  6. TTAnalyze: A Tool for Analyzing Malware
  7. JACKSTRAWS: Picking C & C Connections from Bot Traffic
  8. BackTracking Intrusion
Adv Malware Analysis Training Session 2 - Botnet Analysis Part I
  1. About Botnet - History, Attacks & Countermeasures
  2. Windows Asynchronous Procedure Calls
  3. About Waledac Botnet - http://en.wikipedia.org/wiki/Waledac_botnet
  4. Demo Video - Waledac Botnet Analysis - https://vimeo.com/57755964
Adv Malware Analysis Training Session 1 - Detection & Removal of Malwares
  1. GMER - Anti-rootkit Tool http://www.gmer.net/
  2. SpyDLLRemover - Tool to Remove Malicious DLLs from Process http://bit.ly/csujQX
  3. SpyBHORemover - Tool to Remove Malicious BHOs from Process http://bit.ly/1zGRN
  4. VirusTotal Scanner - Desktop Tool for Quick Anti-virus Scan http://bit.ly/Lir4Qz
  5. TCPView - http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
  6. AutoRuns - Manage Startup Entries http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
  7. Demo Video 1 - http://youtu.be/cV4Uln6BGUQ
  8. Demo Video 2 - http://youtu.be/2NORHci6tbw
  9. Demo Video 3 - http://youtu.be/sMtcaXNstw0
  10. Demo Video 4 - http://youtu.be/S-awFK4pNpM
Reversing/Malware Analysis Training Part 1 - Lab Setup Guide
  1. Virtualization:
    1. VmWare - http://www.vmware.com/
    2. VirtualBox - https://www.virtualbox.org/
  2. Tools Development:
    1. Compilers/IDE:
      1. Dev C++ - http://www.bloodshed.net/devcpp.html
      2. Microsoft Visual C++ - http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express
    2. Assemblers:
      1. MASM - http://www.masm32.com/
      2. NASM - http://www.nasm.us/
      3. WinAsm (IDE) - http://www.winasm.net/
    3. Languages:
      1. Python - http://python.org/
  3. Tools Reverse Engineering:
    1. Disassembler:
      1. IDA (5.0) - http://www.hex-rays.com/products/ida/support/download.shtml
      2. IDAPython - http://code.google.com/p/idapython/
    2. Debuggers:
      1. OllyDbg - http://www.ollydbg.de/
      2. Immunity Debugger -
      3. Windbg - http://msdn.microsoft.com/en-us/windows/hardware/gg463009
      4. Pydbg - http://code.google.com/p/paimei/
    3. PE file Format:
      1. PEView
      2. PEBrowse - http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
      3. LordPE - http://www.woodmann.com/collaborative/tools/index.php/LordPE
      4. ImpRec - http://www.woodmann.com/collaborative/tools/index.php/ImpREC
      5. PEid - http://www.peid.info/
      6. ExeScan - http://securityxploded.com/exe-scan.php
    4. Process:
      1. ProcMon - http://technet.microsoft.com/en-us/sysinternals/bb896645
      2. Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653
    5. Network:
      1. WireShark - http://www.wireshark.org/
      2. TcpView - http://technet.microsoft.com/en-us/sysinternals/bb897437
    6. File and Registry:
      1. Regshot: http://sourceforge.net/projects/regshot/
      2. Capturebat - http://www.honeynet.org/node/315
      3. InstallWatch Pro - http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html
      4. FileMon - http://technet.microsoft.com/en-us/sysinternals/bb896642
    7. Misc:
      1. CFFexplorer - http://www.ntcore.com/exsuite.php
      2. Notepad++ - http://notepad-plus-plus.org/
      3. Dependency walker - http://www.dependencywalker.com/
      4. Sysinternal Tools - http://technet.microsoft.com/en-us/sysinternals/bb842062
Reversing/Malware Analysis Training Part 2 - Introduction to Windows Internals
  1. Book: Windows Internals 5th Edition - Chapter 1, 2, 3, 5, 9
  2. Windows Architecture - http://technet.microsoft.com/en-us/library/cc768129.aspx
  3. Book: RootKit Arsenal - Part 1 - Windows System Architecture
  4. System Service Dispatching - http://www.codeproject.com/KB/system/hide-driver/NtCallScheme_small.png
Reversing/Malware Analysis Training Part 3 - Windows PE File Format Basics
  1. Portable Executable File Format - A Reverse Engineer View - Goppit - http://ivanlef0u.fr/repo/windoz/pe/CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View.pdf
  2. An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
  3. Lena 151 tutorials - http://tuts4you.com/download.php?list.17
  4. Icezelion's PE tutorials - http://win32assembly.programminghorizon.com/tutorials.html
Reversing/Malware Analysis Training Part 4 - Assembly Programming Basics
  1. Assembly Programming: A Beginners Guide - http://securityxploded.com/assembly-programming-beginners-guide.php
  2. Icezelion's Win32 Assembly Programming Tutorials  - http://win32assembly.programminghorizon.com/tutorials.html
  3. Function Calling Convention Demystified - http://www.codeproject.com/KB/cpp/calling_conventions_demystified.aspx
  4. Intel Manual – Volume 2 (Instruction set), Volume 3 (system programming 3A) - http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
Reversing/Malware Analysis Training Part 5 - Reverse Engineering Tools Basics
  1. Video - Intro to OllyDbg and its Settings - http://www.youtube.com/watch?v=UqnQCVvYk3A
  2. Video - Intro to IDA Pro Disassembler - http://www.youtube.com/watch?v=zvWc-XsBKrA
  3. Automation of Reversing Through Scripting - http://securityxploded.com/automation-reversing-scripting.php
Reversing/Malware Analysis Training Part 6 - Practical Reversing (I)
  1. Video Demonstration - Reversing Sample Crackme using IDA Pro http://www.youtube.com/watch?v=6r5Q7YYnUSc
  2. Creating KEYGEN for Crackme Code http://securityxploded.com/creating-keygen-for-crackme.php
  3. Lena 151 tutorials - part 1 to part 10 - http://tuts4you.com/download.php?list.17
  4. Book: 'The IDA Pro Book' - Unofficial Guide to IDA Pro http://www.amazon.com/The-IDA-Pro-Book-Disassembler/dp/1593272898
  5. Book: Practical Malware Analysis - chapter 1-7 http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901
  6. Book: Reversing - Secrets of Reverse Engineering - chapter 1,2,3,4,5,8 http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817
Reversing/Malware Analysis Training Part 7 - Practical Reversing II: Unpacking UPX
  1. Video Demonstration - Unpacking UPX using OllyDbg & ImpREC http://vimeo.com/42197903
  2. Manual Unpacking of UPX using OllyDbg http://securityxploded.com/unpackingupx.php
  3. UPX: Ultimate Packer for Executables http://upx.sourceforge.net/
  4. ImpREC: Import Table Reconstruction Tool http://securityxploded.net/download/Imprec.zip
  5. Best Unpacking Tutorials by ARTeam http://www.accessroot.com/
Reversing/Malware Analysis Training Part 8 - Practical Reversing III: Malware Memory Forensics
  1. Demo Video - http://www.youtube.com/watch?v=YcVusDjnBxw
  2. Malware Memory Forensics Article http://securityxploded.com/malware-memory-forensics.php
  3. Volatility - An advanced memory forensics framework http://code.google.com/p/volatility/
  4. Volatility - Volatile memory analysis research http://volatility.tumblr.com/
  5. MoonSols Windows Memory Toolkit http://www.moonsols.com/windows-memory-toolkit/
Reversing/Malware Analysis Training Part 9 - Practical Reversing IV: Advanced Malware Analysis
  1. Demo Video 1 - http://youtu.be/592uIELKUX8
  2. Demo Video 2 - http://youtu.be/3bxzvrGf5w8
  3. Volatility - An advanced memory forensics framework http://code.google.com/p/volatility/
  4. Volatility - Volatile memory analysis research http://volatility.tumblr.com/
  5. The Honeynet Project - http://www.honeynet.org/node/315
  6. Malware Analysis Tools & Training - http://zeltser.com/reverse-malware/
Reversing/Malware Analysis Training Part 10 - Practical Reversing V: Exploit Development Basics
  1. Demo Video 1 [EIP Overwrite]- http://www.youtube.com/watch?v=erl_Aee8oDg
  2. Demo Video 2 [SEH Exploitation]- http://www.youtube.com/watch?v=njQ47H7jO4s
  3. Remote Buffer Overflow Exploits - http://securityxploded.com/remote-buffer-overflow-exploits.php
  4. Exploit writing tutorials https://www.corelan.be/index.php/articles/
Reversing/Malware Analysis Training Part 11 - Practical Reversing VI: Exploit Development Advanced
  1. Demo Video 1 [DEP Bypass] - http://vimeo.com/49069964
  2. Demo Video 2 [HeapSpray] - http://vimeo.com/49070337
  3. Past, present and future of Windows Exploits: http://bit.ly/vr1IEw
  4. Exploit writing tutorials: https://www.corelan.be/index.php/articles/
  5. Preventing the exploitation of SEH overwrite: http://bit.ly/OM6olZ
  6. Stack Protections Bypass:
Reversing/Malware Analysis Training Part 12 - Case Study: Rootkit Analysis
  1. Demo Video 1: Mader – SSDT Hooking - http://youtu.be/5cLd2HukfbU
  2. Demo Video 2: Prolaco – Process Hiding using DKOM - http://youtu.be/J7odu8OkBYs
  3. Demo Video 3: Darkmegi/waltrodock – Installs Device Driver - http://youtu.be/ZAWfu-tRzrc
  4. Demo Video 4: Carberp – Syscall Patch and Inline Hooks - http://youtu.be/ui_qLL3_w7A
  5. Book - The Rootkit Arsenal http://amzn.to/RXHvbN
  6. Volatility - An advanced memory forensics framework http://volatility-labs.blogspot.in