RE101

6 sections. This workshop provides the fundamentals of reversing engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. You will be introduced to RE terms and processes, followed by creating a basic x86 assembly program, and reviewing RE tools and malware techniques. The course will conclude by participants performing hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.

Fundamentals

In this section you will be setting up a safe virtual malware analysis environment., going over operating system and assembly concepts.

Malware Overview

Typical Attack Flow, Malware Classes, and Malware techniques.

Reverse Engineering Tools

Disassembler, Debuggers, & Information Gathering

Triage Analysis

You will want to quickly narrow down specific information and indicators before moving on to deeper static and dynamic analysis.

Static Analysis

This section will teach you how to jump into code in static disassembly then rename and comment on interesting assembly routines that we will debug in Section 6

Dynamic Analysis

Dynamic analysis is a deeper analysis of the program to understand hidden functionality not understood statically.