Windows Malware Analysis for Hedgehogs – Beginner Training

  • Downloads: 183
  • Language: English

Files

Windows Malware Analysis for Hedgehogs - Beginner Training [TutsNode.org]

3. Triage and file type basics
  • 5. Lab Triage 2 Whole file examination.mp4 (142.5 MB)
  • 2. Download links.html (1.6 KB)
  • 11. Triage Quiz.html (0.2 KB)
  • 3. Lab Triage 1 Determine file types of unknown samples.mp4 (103.0 MB)
  • 10. Lab Exercise solution.mp4 (80.6 MB)
  • 9. Lab Triage 4 Final analysis.mp4 (68.3 MB)
  • 7. Deciphering antivirus detection names for malware.mp4 (49.7 MB)
  • 1. What is triage.mp4 (43.2 MB)
  • 4. What is a file type.mp4 (37.8 MB)
  • 8. Lab Triage 3 VirusTotal autoscans and first research.mp4 (35.4 MB)
  • 6. Antivirus detection names and formats for malware.mp4 (26.2 MB)
  • 6.1 AV Detection Names - 2023-08-28 10.43.52.pdf (14.5 MB)
  • 1.1 Triage - 2023-04-15 06.22.51.pdf (5.7 MB)
6. Portable Executable format and .NET
  • 2.1 Portable Executable Format-Basics.pdf (118.2 KB)
  • 3. PortexAnalyzer and DnSpy download.html (1.0 KB)
  • 8. Portable Executable metadata exercise.html (0.2 KB)
  • 9. Portable Executable Quiz.html (0.2 KB)
  • 4. Lab PE 1 MS DOS stub, COFF file header, timestamps and REPRO builds.mp4 (102.3 MB)
  • 5. Lab PE 2 Optional header and section table.mp4 (94.7 MB)
  • 13. Lab .NET 3 Code search in DnSpy.mp4 (92.6 MB)
  • 6. Lab PE 3 Resources, icons, debug path, imports.mp4 (78.4 MB)
  • 7. Lab PE 4 Anomalies and visualization.mp4 (75.2 MB)
  • 12. Lab .NET 2 Running the file, DnSpy basics.mp4 (62.6 MB)
  • 11. Lab .NET 1 .NET basics and triage.mp4 (53.9 MB)
  • 10. Compilation and Interpretation.mp4 (39.8 MB)
  • 2. Portable Executable format basics.mp4 (37.5 MB)
  • 1. Introduction to Portable Executable files.mp4 (24.7 MB)
  • 10.1 Compilers and interpreters - 2023-04-26 07.49.42.pdf (13.4 MB)
  • 1.1 PE Basics - 2023-09-05 05.41.30.pdf (2.7 MB)
2. Malware lab setup
  • 10.1 Safety rules.pdf (70.7 KB)
  • 10. Safety rules summary.html (8.1 KB)
  • 2. Download links.html (0.9 KB)
  • 11. Safety rules quiz.html (0.2 KB)
  • 9. Network, snapshots and first sample execution.mp4 (70.6 MB)
  • 3. Installing VirtualBox Windows 10 VM.mp4 (64.1 MB)
  • 5. Enabling hidden files view and removing Windows Defender.mp4 (57.6 MB)
  • 8. Sample handling Prevent execution via ACLs (Windows host only).mp4 (54.7 MB)
  • 1. Malware Analysis Lab.mp4 (46.4 MB)
  • 7. Sample handling Shared folder setup.mp4 (44.2 MB)
  • 4. Installing VirtualBox Guest Additions.mp4 (27.7 MB)
  • 6. Sample handling Course samples and password protected archives.mp4 (21.2 MB)
12. Packers and unpacking methods
  • 4. Download links and documentation.html (3.0 KB)
  • 10. Lab Poison 1 Speakeasy API logging.mp4 (130.3 MB)
  • 12. Lab Injector DLL Unpacking via VirtualAlloc.mp4 (127.7 MB)
  • 6. Lab Winupack 1 packing, fix disassembly in x32dbg.mp4 (121.3 MB)
  • 7. Lab Winupack 2 Find OEP via tracing, dump and fix imports.mp4 (100.3 MB)
  • 11. Lab Poison 2 Unpacking via RtlDecompressBuffer.mp4 (88.1 MB)
  • 5. Installing Python 3 and Speakeasy.mp4 (53.3 MB)
  • 8. Lab Winupack 3 Find OEP via hardware breakpoint on stack.mp4 (49.1 MB)
  • 9. One generic unpacking approach.mp4 (35.2 MB)
  • 2. Unpacking methods.mp4 (32.5 MB)
  • 1. How packers work.mp4 (32.3 MB)
  • 3. Unpacking stub types and how they work.mp4 (27.1 MB)
  • 2.1 Unpacking Methods - 2023-09-11 05.39.15.pdf (16.8 MB)
  • 9.1 Unpacking Approach - 2023-09-11 06.08.21.pdf (16.7 MB)
  • 1.1 Packers - 2023-09-11 05.43.00.pdf (6.7 MB)
  • 3.1 Unpacking Stubs - 2023-09-10 05.45.54.pdf (5.0 MB)
7. File analysis verdicts
  • 5. Installing the bindiff and certificate tools.html (0.9 KB)
  • 9. Lab diffing3 Force strict signature verification.mp4 (98.2 MB)
  • 2. File analysis verdicts.mp4 (85.6 MB)
  • 6. Lab diffing 1 Binary diffing with vbindiff and meld.mp4 (85.6 MB)
  • 7. Lab diffing 2 Identify certificate manipulation.mp4 (74.9 MB)
  • 3. Clean vs malicious—approaches for clean file analysis.mp4 (44.1 MB)
  • 10. Mapping detection names to file verdicts.mp4 (39.1 MB)
  • 1. Analysis types.mp4 (19.4 MB)
  • 3.1 Determine Clean vs Malicious - 2023-09-10 05.44.08.pdf (17.5 MB)
  • 2.1 Analysis Verdicts - 2023-04-15 07.28.26.pdf (14.9 MB)
  • 4. Tools for binary diffing and finding hidden certificate data.mp4 (13.8 MB)
  • 8. How signature verification works.mp4 (10.3 MB)
  • 1.1 Analysis Types.pdf (4.5 MB)
10. Debugging basics with x64dbg
  • 2. Download links and bookmarks.html (0.9 KB)
  • 10. x64dbg Quiz.html (0.2 KB)
  • 8. Lab ASLR 1 Rebasing and DllCharacteristics in the Optional Header.mp4 (94.4 MB)
  • 5. Lab x64dbg 3 Software breakpoints.mp4 (89.1 MB)
  • 7. Lab x64dbg 5 Memory breakpoints.mp4 (83.7 MB)
  • 9. Lab ASLR 2 Hex to Bin Conversion, Bitmasks and Disabling Exploit Protection.mp4 (83.4 MB)
  • 3. Lab x64dbg 1 CPU view windows.mp4 (72.3 MB)
  • 4. Lab x64dbg 2 Navigation.mp4 (69.4 MB)
  • 6. Lab x64dbg 4 Hardware breakpoints.mp4 (51.1 MB)
  • 1. x64dbg introduction.mp4 (29.4 MB)
4. Wrapped files and installers
  • 3. Tools and links.html (0.6 KB)
  • 13. Wrappers and installers quiz.html (0.2 KB)
  • 9. Lab Installers 1 Layer 1 Unpacking Nullsoft.mp4 (138.4 MB)
  • 5. Lab Wrapped files 2 Obtaining the script with ACLs.mp4 (124.1 MB)
  • 12. Lab Installers 4 Triage of multiple files.mp4 (106.2 MB)
  • 4. Lab Wapped files 1 Triage of a wrapped file.mp4 (103.0 MB)
  • 11. Lab Installers 3 Extract 7zip SFX configuration.mp4 (76.1 MB)
  • 7. Lab Wrapped files 4 Obtaining the script with APIMonitor.mp4 (74.9 MB)
  • 10. Lab Installers 2 Layer 2 Extract 7zip SFX files.mp4 (73.7 MB)
  • 6. Lab Wrapped files 3 Wrapped file payload analysis.mp4 (51.2 MB)
  • 2. Wrapped files.mp4 (27.0 MB)
  • 8. Installers.mp4 (20.0 MB)
  • 1. Finding the malware developer's code.mp4 (17.1 MB)
  • 2.1 Wrappers - 2023-09-03 07.51.53.pdf (6.0 MB)
  • 8.1 Installers - 2023-09-03 08.13.53.pdf (5.8 MB)
    Description

    This course teaches more than just reverse engineering because as a malware analyst you need a variety of other skills. You will learn how to classify samples into malware types, how to identify malware families and how to determine file verdicts like clean, malicious, potentially unwanted programs, junk, grayware, or corrupt. Additionally, you will learn how malware persists, how to identify malicious autostart entries and clean infected systems.

    The course aims to dispel common myths such as “trojan in a detection name means the file is a trojan horse” or “antivirus detection names are a malware classification”.

    As a malware analyst with experience working at an antivirus company since 2015, I have trained many beginners in the field. I understand the usual pitfalls and the concepts that you need to grasp to become proficient. I focus on building strong foundations that make you flexible in the face of new malware advancements, rather than providing shortcuts with step-by-step recipes.

    I will teach you how to differentiate between different types of files, including installers, wrappers, packed files, non-packed files, hybrid, and native compiled files. You will learn which tools to apply in which situations and how to analyse samples efficiently. To do that I give you example approaches that work for most situations.

    This course is ideal for you if you already have some IT background, such as hobby or professional programmers, computer enthusiasts, administrators, computer science students, or gamers with an interest in the inner workings of software or IT security.

    If you have a strong interest in the topic but lack the necessary IT background, I recommend that you learn programming first. Please refer to the course requirements for more information.

    Tools

    All the tools and web services that we use during the course are free:

    Ghidra
    x64dbg
    VirtualBox
    SysInternals Suite
    PortexAnalyzer CLI and GUI
    VirusTotal (without account)
    Speakeasy by Mandiant
    API Monitor
    CyberChef
    EXIFTool
    Meld
    VBinDiff
    AnalyzePESig
    DnSpy
    C# Online Compiler programwiz
    TriD
    Detect-it-Easy
    ReNamer
    7zip
    Notepad++
    HxD
    Malpedia
    lnk_parser

    Requirements

    You should have a strong understanding of at least one programming language, such as Python, C, C++, Java, or C#. This is a crucial requirement for the course, not only because we create small scripts during the course but because reverse engineering needs an understanding of software as a foundation. The specific language does not matter, as you cannot learn every language you may encounter during analysis anyway. The concepts of programming must be clear, though.

    If you are not there yet, you should not buy this course and start learning C instead. C is great because it is low-level and will integrate well with x86 assembly language.

    Additionally, you must be able to read (not write) x86 assembly to understand everything in the course. Without assembly you will only be able to understand two-thirds of the content. So if you consider starting this course right away and learning assembly alongside it, that should work fine.

    During this course we look at samples that use the following execution environments:

    x86, x64 assembly
    .NET
    Batch
    PowerShell
    Nullsoft scripts

    However, you do not need to learn all of these languages. Because an analyst encounters new languages all the time, your skill lies rather in using the available documentation, manuals and help provided for those environments and languages. During the course I also show you how to use the documentation for, e.g., PowerShell.

    Out of scope

    Malware analysis is a broad field, so there are inevitably topics that I will not teach during this course because they require a course of their own. Some of these topics are: assembly language, programming, how computers work, URL and website analysis, networks, analysis of malware for platforms other than Windows, mobile malware, IoT malware.

    Who this course is for:

    ideal for people with some IT experience or IT enthusiasts who are beginners in malware analysis and reverse engineering
    entry-level or aspiring malware analysts
    computer science graduates
    software developers
    SOC analysts
    hobby programmers

    Requirements

    You know how to program in at least one language (e.g. Python, C, C#, Java, …)
    You are able to read x86 assembly

    Last Updated 10/2023

Download torrent
6.4 GB




Torrent hash: CFC334AA76FCBBF84B440B11927EFE052494EB3E