Developing offensive thinking is the highlight of this training. You will gain experience in understanding the attacks used in cybercrime, take practical action to identify these threats, understand how the Cyber Kill Chain works, and perform static and dynamic analysis of malicious files. You will also learn to build different attack strategies and how to deliver them.
What tools will you use?
- VirtualBox or VMWare for a virtual machine
- Kali Linux, ParrotOs, REMnux and other Unix platforms
- Metasploit Framework with Meterpreter
- IOC Editor
- Aquatone / Httpdom
- And others based on Red-Teaming-Toolkit
What skills will you gain?
- Identification of threats
- First steps in malware analysis
- Practical understanding of threat hunting and how to use it in research
- Cyber Kill Chain Strategies
- Investigation of malware and differences in behaviors
- Reconnaissance steps
What will you learn about?
Students will gain experience running efficiency and detection tests in their own lab environment, bringing an offensive mindset to defensive security analysis. They will also perform the types of attacks used in cybercrime and take practical action to identify these threats, understanding how the Cyber Kill Chain works, learning static and dynamic analysis, and executing their own attacks.
Course general information:
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
Course launch date: June 22nd, 2021
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- A virtualization platform such as VirtualBox or VMWare
- 4 GB of available RAM
- At least 15GB of available hard drive space
What should you know before you join?
- Basic security concepts and familiarity with Windows and Linux operating environments
- Understanding of pentest tools and techniques
- Be familiar with VirtualBox/VMware and be able to import and configure virtual machines
- Be familiar with some networking concepts, such as OSI and TCP/IP models
- Conceptual knowledge of programming/scripting in Bash, PowerShell or Python
- Basic Web Application Concepts
Filipi Pires works as a Principal Security Engineer and Security Researcher at Zup Innovation, is Global Research Manager at Hacker Security, and is on the staff of DEFCON Group São Paulo, Brazil. He has presented talks at security events in the US, Germany, Poland, Hungary, the Czech Republic, Brazil and other countries, and has served as a university professor in undergraduate and MBA courses at FIAP, Mackenzie, UNIBTA and UNICIV. He is also the founder and instructor of the course Malware Analysis - Fundamentals.
Building Threat Hunting through Cyber Kill Chain
During this module, you will see the practical differences between types of malware and the technical characteristics that distinguish APT attacks from commodity malware. We walk through the first concepts of cyber threats, the types of attacks, and how malware, vulnerabilities and exploits work. We discover how to find the first evidence of a malware infection and how the Cyber Kill Chain is connected to an advanced persistent threat, so that we can build a threat hunting team with a "criminal" cyber mindset.
Module 1 covered topics:
- Creating an environment for Malware Hunting
- Malware Analysis – Ransomware (Practical)
- Kill Chain / What are APTs?
- The Impact of APTs on the Market
- Phases for Malware Analysis
- Malware Analysis – Petya (Practical)
- Threat Hunting - Understanding a new approach
- Introduction to Threat Hunting
- Empowering my SOC
- Creating “Criminal” minds
Module 1 exercises:
- Find the maximum evidence in five (5) real ransomware samples
- Sample sources: theZoo GitHub binaries, MalwareBazaar platform
During this module, we will develop our knowledge of static and dynamic malware analysis and of the types of analysis that can be performed when trying to discover more evidence about a cyber threat. We will run many tests with real malware, understanding the different characteristics among samples and how they work.
Module 2 covered topics:
- Types of Extensions for Analysis
- What is Static Analysis?
- First Steps
- Malware Analysis - Erebus
- First Commands / Finding Strings
- Malware Analysis - Mamba
- First Commands / Finding Strings
- Using Static Analysis tools
- Getting to know bulk_extractor
- Dynamic Analysis
- PDF Stream
Module 2 exercises:
- Performing static analysis on ELF malware
- Performing static analysis on PE malware
- Performing static analysis on PDF malware
- Practical use of bulk_extractor
- Using PDF stream analysis to find malicious evidence
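The PDF stream exercise above is, in practice, a pdfid/pdf-parser style triage: count the high-signal names, inflate the FlateDecode streams and pull the JavaScript out of them. The following is an added example written for this page, not course material or a real sample: it builds a small constructed PDF in memory (object numbering, the /OpenAction chain and the script body are all made up for the demonstration) and runs that triage over it.

```python
import re
import zlib

# Constructed sample, built here for the example (not a real malicious file):
# a minimal PDF whose /OpenAction points at a JavaScript action whose script
# body lives in a FlateDecode-compressed stream (object 5).
_JS_BODY = b"app.alert('hello');"
_JS_COMPRESSED = zlib.compress(_JS_BODY)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /JavaScript /JS 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Length " + str(len(_JS_COMPRESSED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _JS_COMPRESSED + b"\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Names that pdfid-style triage treats as high-signal.
SUSPICIOUS_NAMES = [b"/JS", b"/JavaScript", b"/AA", b"/OpenAction",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia"]

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")       # /JS 5 0 R  (indirect)
JS_INLINE_RE = re.compile(rb"/JS\s*\((.*?)\)", re.S)     # /JS (code) (inline string)


def count_suspicious_names(data):
    """Count each high-signal name; the word boundary stops /JS matching inside /JSON etc."""
    return {n.decode(): len(re.findall(re.escape(n) + rb"\b", data))
            for n in SUSPICIOUS_NAMES}


def extract_streams(data):
    """Map object number -> (dictionary bytes, stream bytes). FlateDecode streams are
    inflated; anything else, or a stream that fails to inflate (common in obfuscated
    samples), is returned raw so the analyst still sees it."""
    streams = {}
    for m in OBJ_RE.finditer(data):
        body = m.group(3)
        s = STREAM_RE.search(body)
        if not s:
            continue
        dictionary, raw = body[:s.start()], s.group(1)
        if b"/FlateDecode" in dictionary:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                pass
        streams[int(m.group(1))] = (dictionary, raw)
    return streams


def find_javascript(data):
    """Return every script body: indirect /JS N 0 R references resolved to their
    decoded streams, plus inline /JS (...) string literals."""
    streams = extract_streams(data)
    scripts = [streams[int(m.group(1))][1] for m in JS_REF_RE.finditer(data)
               if int(m.group(1)) in streams]
    scripts += [m.group(1) for m in JS_INLINE_RE.finditer(data)]
    return scripts


def triage(data):
    """Name counts, recovered scripts, and whether the document runs JavaScript
    automatically on open (the classic malicious-PDF pattern)."""
    names = count_suspicious_names(data)
    scripts = find_javascript(data)
    return {"names": names, "scripts": scripts,
            "auto_runs_js": names["/OpenAction"] > 0 and bool(scripts)}


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    for name, count in report["names"].items():
        print(f"{name:15s} {count}")
    for script in report["scripts"]:
        print("script:", script.decode("latin-1"))
    print("auto-runs JavaScript on open:", report["auto_runs_js"])
```

The regexes deliberately stay loose: real samples break the object grammar on purpose (missing `endobj`, names split with `#` hex escapes such as `/J#53`), so treat a zero count here as "nothing found by this pass", not as "clean", and follow up with a full parser on anything the name count flags.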
Developing Cyber Kill Chain Strategy – Part 1
In this module, we will learn how to develop Cyber Kill Chain strategies, covering the Reconnaissance, Weaponization and Delivery steps.
Module 3 covered topics:
- What is the Purple Team?
- Reconnaissance strategy
- MITRE ATT&CK framework
- Key controls for prevention and detection
- Obfuscation and packed malware (packers)
- Internal Software Structures
- Delivery Strategy
- Phishing process
- Mail controls and web proxies
Module 3 exercises:
- Performing static analysis on PE malware to find packers
- Performing a practical weaponization test
- Performing a practical delivery test
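Two of the exercises here share one workflow: the Module 2 "first commands / finding strings" step and the Module 3 packer-finding exercise both start by walking the PE section table. The block below is an added example, not code from the course: it extracts printable strings the way `strings -n 5` does, parses the section headers, computes per-section Shannon entropy, and flags the three signs of packing a practitioner checks first (known packer section names, entropy near 8 bits/byte, sections that are empty on disk but large in memory). The sample PE is constructed in memory for the demonstration (header only, not a runnable executable), and the `c2.example.invalid` URL and the packer-name list are illustrative, not taken from any real sample.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Small subset of section names written by well-known packers (UPX, ASPack, MPRESS,
# VMProtect, Themida); a real triage list is much longer.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".MPRESS1", ".MPRESS2", ".vmp0", ".vmp1", ".themida"}
HIGH_ENTROPY = 7.0   # bits per byte; compressed or encrypted data sits close to 8.0


def extract_strings(data, min_len=5):
    """Printable-ASCII runs of at least min_len bytes, like `strings -n 5`."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for identical bytes, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_header_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_header_size           # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "raw_ptr": rawptr})
    return sections


def triage_pe(pe):
    """Flag packer section names, high-entropy sections, and sections with no data on
    disk but a large in-memory size (the stub-unpacks-at-runtime layout)."""
    sections = parse_sections(pe)
    for s in sections:
        s["entropy"] = shannon_entropy(pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
        flags = []
        if s["name"] in PACKER_SECTION_NAMES:
            flags.append("known packer section name")
        if s["entropy"] > HIGH_ENTROPY:
            flags.append("high entropy")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            flags.append("no data on disk, filled at runtime")
        s["flags"] = flags
    return {"sections": sections,
            "likely_packed": any(s["flags"] for s in sections),
            "strings": extract_strings(pe)}


def build_sample_pe(packed=True):
    """Constructed minimal PE for the example: enough header for parse_sections(),
    not a runnable executable. packed=True mimics a UPX layout."""
    code = b"\x90" * 64 + b"\0".join([b"kernel32.dll", b"VirtualAlloc", b"LoadLibraryA",
                                      b"http://c2.example.invalid/gate.php"])   # constructed IOC
    # deterministic pseudo-random bytes stand in for a compressed payload
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    layout = ([("UPX0", code), ("UPX1", blob)] if packed
              else [(".text", code), (".data", b"config=1\0" * 50)])
    e_lfanew, opt_header_size = 0x40, 0
    first_raw = (e_lfanew + 24 + opt_header_size + 40 * len(layout) + 0x1FF) & ~0x1FF
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_header_size, 0x0102)
    table, body, ptr = b"", b"", first_raw
    for name, data in layout:
        size = (len(data) + 0x1FF) & ~0x1FF                 # 512-byte file alignment
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000,
                             size, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(size, b"\0")
        ptr += size
    return (dos + coff + table).ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    report = triage_pe(build_sample_pe())
    for s in report["sections"]:
        print(f"{s['name']:8s} raw={s['raw_size']:6d} entropy={s['entropy']:.2f} {s['flags']}")
    print("likely packed:", report["likely_packed"])
    print("strings:", [x for x in report["strings"] if "." in x][:5])
```

Read the two signals together: a packer that renames its sections still leaves the entropy jump, and a legitimately compressed resource still has ordinary section names, so neither flag alone is conclusive. Strings that survive in the packed sample (the DLL name, API name and URL above) come from the stub, not the payload; the payload's strings only appear after dynamic unpacking, which is why the Module 4 sandbox work follows.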
Developing Cyber Kill Chain Strategy – Part 2
In this module, we will continue learning how to develop Cyber Kill Chain strategies, covering the Execution, Exploitation, Command & Control and Lateral Movement steps.
At the end, we will learn more about open-source tools focused on malware hunting to build our lab.
Module 4 covered topics:
- Payload & Execution
- Types of Sandboxes
- Exploitation Techniques
- Patch management
- Exploit mitigation techniques
- Command & Control Techniques
- Creating Command & Control environment
- Using and Detecting command and control channels
- Lateral Movement Techniques
- Windows privilege escalation techniques
- Linux privilege escalation techniques
- Using OpenSource Tools
- Recommended labs and tools
Module 4 exercises:
- Performing dynamic analysis in a sandbox
- Performing a practical exploitation test
- Performing a practical Command & Control test
- Performing a practical lateral movement test
- Linux privilege escalation test
Final practical test: students receive a virtual machine infected with multiple malware samples and must carry out the analysis using all the tools and techniques developed throughout the course.
If you have any questions, please contact Bartek at [email protected]