The aim of this course, designed by Filipi Pires, is to help you understand how malware attacks work and how to create your own offensive strategies. You will learn what you need to know about static and dynamic malware analysis through practical examples drawn from real-life cases such as Petya, Erebus and Mamba. These skills build toward Threat Hunting proficiency, and working through the Cyber Kill Chain methodology will help you develop creative, offensive thinking.
What tools will you use?
- VirtualBox or VMWare for a virtual machine
- Kali Linux, Parrot OS, REMnux and other Linux platforms
- Metasploit Framework with Meterpreter
- IOC Editor
- Aquatone / Httpdom
- And others based on Red-Teaming-Toolkit
What skills will you gain?
- Identification of threats
- First steps in malware analysis
- Practical understanding of threat hunting and how to apply it in research
- Cyber Kill Chain Strategies
- Investigation of malware and differences in behaviors
- Reconnaissance steps
What will you learn about?
You will have the opportunity to run several efficiency and detection tests in your own lab environment, bringing an offensive mindset to defensive security analysis. You will also perform the kinds of attacks used in cybercrime and take practical steps to identify these threats. Working through the course materials, you will understand how the Cyber Kill Chain works, learn static and dynamic analysis, and execute your own attacks.
Course general information:
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
Course launch date: June 22nd, 2021
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- A virtualization platform such as VirtualBox or VMWare
- 4 GB of available RAM
- At least 15 GB of available hard drive space
What should you know before you join?
- Basic security concepts and familiarity with Windows and Linux operating environments
- Understanding of pentest tools and techniques
- Familiarity with VirtualBox/VMware, including importing and configuring virtual machines
- Familiarity with networking concepts such as the OSI and TCP/IP models
- Conceptual knowledge of programming/scripting in Bash, PowerShell or Python
- Basic web application concepts
YOUR INSTRUCTOR - Filipi Pires
I have been working as a Security and Threat Researcher at Saporo, Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a Crime Advocate and RedTeam Village Contributor. I am part of the coordinator team of DCG5511 (DEFCON Group São Paulo, Brazil) and an international speaker at security and new technology events in many countries, such as the US, Canada, France, Spain, Germany and Poland. I have served as a university professor in undergraduate and MBA courses at Brazilian colleges; in addition, I am the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
Building Threat Hunting through Cyber Kill Chain
In this module, you will learn the practical differences between various malware types, and how APTs and malware depend on each other technically. Introductory knowledge of attack types and cyber threats in the context of the Cyber Kill Chain will prepare you to build a Threat Hunting team with an attacker's mindset.
Module 1 covered topics:
- Creating an environment for Malware Hunting
- Malware Analysis – Ransomware (Practical)
- Kill Chain / What are APTs?
- The Impact of APTs on the Market
- Phases for Malware Analysis
- Malware Analysis – Petya (Practical)
- Threat Hunting - Understanding a new approach
- Introduction to Threat Hunting
- Empowering my SOC
- Creating “Criminal” minds
Module 1 exercises:
- Find evidence in up to five (5) real ransomware samples, taken from:
  - theZoo GitHub binaries
  - MalwareBazaar platform
During this module, you will develop your knowledge of malware analysis (static and dynamic) and of the types of analysis that can be performed when trying to uncover more evidence about a cyber threat. We will also run many tests with real malware samples, understanding the characteristics that differ among them and the way they work.
Module 2 covered topics:
- Types of Extensions for Analysis
- What is Static Analysis?
- First Steps
- Malware Analysis - Erebus
- First Commands / Finding Strings
- Malware Analysis - Mamba
- First Commands / Finding Strings
- Using Static Analysis tools
- Getting to know bulk_extractor
- Dynamic Analysis
- PDF Stream
Module 2 exercises:
- Performing static analysis on ELF malware
- Performing static analysis on PE malware
- Performing static analysis on PDF malware
- Practical use of bulk_extractor
- Inspecting PDF streams to find malicious evidence
Developing Cyber Kill Chain Strategy – Part 1
In this module we will learn how to develop Cyber Kill Chain strategies for the Reconnaissance, Weaponization and Delivery steps.
Module 3 covered topics:
- What is the Purple Team?
- Reconnaissance strategy
- MITRE ATT&CK framework
- Key controls for prevention and detection
- Obfuscation and packed malware (packers)
- Internal Software Structures
- Delivery Strategy
- Phishing process
- Mail controls and web proxies
Module 3 exercises:
- Performing static analysis on PE malware to identify packers
- Performing practical Weaponization test
- Performing practical Delivery test
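The first Module 3 exercise, spotting a packer by static analysis, can be done without a PE library. The following added example was written for this page and is not taken from the course: it walks the DOS header to the COFF header and section table with `struct`, measures per-section Shannon entropy (compressed or encrypted code sits close to 8 bits per byte), and flags section names that common packers leave behind. `build_pe()`, the `PACKER_SECTIONS` list and the 7.0 bits/byte threshold are assumptions for illustration; the two images it builds are constructed toys, not real samples.

```python
"""Packer heuristics for the Module 3 PE exercise.

Added example, not course material: parses the PE section table with
struct (no pefile dependency), measures per-section Shannon entropy,
and flags section names that common packers leave behind. build_pe()
constructs a minimal PE32+ image so the check runs offline on
constructed input. Threshold and name list are assumptions.
"""
import math
import struct
from collections import Counter

# Section names common packers leave behind (assumed list, not exhaustive)
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", "MPRESS1", "MPRESS2",
                   ".themida", ".vmp0", ".vmp1", ".vmp2", ".petite", "nsp0", "nsp1", "nsp2"}
HIGH_ENTROPY = 7.0   # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(buf: bytes) -> float:
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_sections(data: bytes) -> list:
    """Walk DOS header -> e_lfanew -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE (missing PE signature)")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    out = []
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        body = data[raw_ptr:raw_ptr + raw_size]
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "raw_size": raw_size, "entropy": shannon_entropy(body)})
    return out


def packer_indicators(data: bytes) -> list:
    """Human-readable reasons to suspect packing; empty list means nothing seen."""
    reasons = []
    for s in pe_sections(data):
        if s["name"] in PACKER_SECTIONS:
            reasons.append(f"packer section name: {s['name']}")
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append(f"high-entropy section {s['name']} ({s['entropy']:.2f} bits/byte)")
        if s["raw_size"] == 0 and s["name"] != ".bss":   # empty section reserved for unpacked code
            reasons.append(f"section {s['name']} has no raw data (unpacking target?)")
    return reasons


def is_likely_packed(data: bytes) -> bool:
    return len(packer_indicators(data)) > 0


def build_pe(sections: list) -> bytes:
    """Constructed minimal PE32+ image (DOS stub, COFF header, zeroed optional header,
    section table, raw section bytes). Parseable by pe_sections(), not loadable."""
    opt = bytes(0xF0)                                   # PE32+ optional header size, contents unused
    ptr = 0x40 + 24 + len(opt) + 40 * len(sections)     # raw data starts right after the table
    table, bodies = b"", b""
    for name, body in sections:
        table += struct.pack("<8sIIII", name, len(body), 0x1000, len(body), ptr) + bytes(16)
        bodies += body
        ptr += len(body)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)             # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    return dos + coff + opt + table + bodies


# Constructed images: UPX-style layout (empty UPX0, dense UPX1) versus a plain binary.
PACKED = build_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 16)])
CLEAN = build_pe([(b".text", b"\x55\x48\x89\xe5\xc3" * 200), (b".data", b"config=1\n" * 50)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("clean", CLEAN)):
        print(label, packer_indicators(img) or "no packer indicators")
```

Treat the output as a lead, not a verdict: legitimately compressed resources or embedded certificates also raise entropy, and a custom packer will not use any of the listed section names, so a high-entropy section with a tiny import table is the combination worth chasing in the exercise.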
Developing Cyber Kill Chain Strategy – Part 2
In this module, we will continue to develop Cyber Kill Chain strategies, this time for the Execution, Exploitation, Command & Control and Lateral Movement steps.
At the end, we’ll learn more about open-source tools focused on malware hunting to build our lab.
Module 4 covered topics:
- Payload & Execution
- Types of Sandboxes
- Exploitation Techniques
- Patch management
- Exploit mitigation techniques
- Command & Control Techniques
- Creating Command & Control environment
- Using and Detecting command and control channels
- Lateral Movement Techniques
- Windows privilege escalation techniques
- Linux privilege escalation techniques
- Using OpenSource Tools
- Recommended labs and tools
Module 4 exercises:
- Performing dynamic analysis in Sandbox
- Performing practical Exploitation test
- Performing practical Command & Control test
- Performing practical Lateral Movement test
- Linux privilege escalation test
Final practical test: students receive a virtual machine infected with multiple malware samples and must analyze it using all the tools and techniques developed throughout the course.