## 9/JUL Hands-On Malware Analysis:
#### UNPACKING MALWARE USING REVERSING TOOLS AND DEBUGGERS
Malware authors use many forms of obfuscation to complicate the analysis of their code, as well as to aid in avoiding detection by security products. Packing is one such technique: the malicious program is hidden inside another program. To effectively analyze malware, the first step is to identify when packing is being employed and extract the hidden executable. Failure to do so can result in time wasted analyzing the unpacking logic or misidentifying a malicious program.
In this hands-on workshop, you will learn how to identify signs of packing and obfuscation in native code formats (PE files) using a variety of free and open source tools. We will develop strategies for detecting both known and custom packers, as well as perform unpacking using reversing tools and debuggers such as IDA Pro, Ghidra and x64dbg. By the end of this workshop you will be equipped to recognize the signs of packing and the tools needed to tackle it head-on!
The primary requirement for this workshop is a desire to learn and the determination to tackle challenging problems. However, some familiarity with the following topics will help students maximize their learning in this workshop:
* Basic malware analysis
* An understanding of programming concepts such as control structures (IF statements, loops and functions), data structures (objects, structures, arrays) and variable usage
* Ability to read assembly for Intel 32-bit and 64-bit architectures
* Proficiency with a Windows-based debugger such as WinDbg, x64dbg or Immunity
**DURATION** 2 hours lecture/demo, 15-minute break mid-session, 30-45 minutes Q&A. Total: 3 hours.
**Josh uses these techniques extensively in his full-blown training [Advanced Malware Analysis and Reverse Engineering](https://ringzer0.training/advanced-malware-analysis.html) at #VirtualVegas 2021.**
9 JULY 2021
8 am - 11 am Pacific Time
Dr. Josh Stroschein is an Assistant Professor at Dakota State University, where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an endpoint security company, and is the Director of Training for the Open Information Security Foundation (OISF). Josh has spent years developing security-related courses and is passionate about sharing that knowledge with others all over the world. Josh lives in South Dakota with his wife Janice and three children.