After an introduction to theory and tooling, we will reverse engineer malware techniques including API hashing and string encryption. Once these components have been reverse engineered, we will write scripts to automate the extraction of intelligence and the analysis of future variants.
Participants should prepare by having:
- Basic programming knowledge
Participants must have the following equipment:
- Laptop with at least 16GB of RAM
- Windows VM
- Linux VM (Ubuntu or preferred distribution)
- Ghidra (https://ghidra-sre.org/)
- Ghidrathon (https://github.com/mandiant/Ghidrathon)
- Python (https://www.python.org/)