SECURITY TRAININGS


Dear readers, good day!

Finally, after such a busy agenda last year and during the first three months of 2017, I have returned to writing all the trainings again, and I will probably release the first ones at the end of this year or the beginning of 2018. There is a big chance that the first classes will be: Malware 1, Hunting Malwares using Memory Analysis 1 and Digital Forensics 1.

For further information about these courses, fill in the form at the end of this page. Any training content can be changed without prior notice. I am still adjusting the topics. 🙂

Malware 1 (5 days – 40 hours)

• Introduction to Malwares
• Building a physical and virtual lab
• Profiling Malwares
• PE Format
• Static Analysis: basics
• Dynamic Analysis: basics
• Analyzing malicious documents such as HTML pages, PDF and .doc
• Assembly 32 and 64 bits: quick review
• Reversing C: how to reverse the most known constructions
• IDA Pro: a crash course
• Windows Internals and Exception Handling: only the necessary information
• Debugging concepts, procedures, OllyDbg and Immunity
• How to handle malicious DLLs
• Malware Forensics

Malware 2 (5 days – 40 hours)

• WinDbg: a crash course
• Malwares in Kernel
• DLL Injection and API Hooking: the game starts
• IDA Pro: additional concepts
• First tricks used by malwares
• C++ and x64-Malwares
• Anti-Forensics Malware Methods
• .NET malwares
• Packers – an extensive approach
• Virtualized Malwares
• Other kind of malwares
• The Hell: analyzing real cases

Hunting Malwares using Memory Analysis 1 (5 days – 40 hours)

• Introduction
• How to acquire memory
• Tools
• Windows World
• Processes
• Memory
• Logs
• Registry
• Extra Examples
• Real Cases

Hunting Malwares using Memory Analysis 2 (5 days – 40 hours)

• The networking aspect
• Services: their hidden facts
• Problems related to Kernel
• GUI
• Timelines
• Events
• A new approach for the old forensics: the disks
• Miscellaneous
• Extra Examples
• Real Cases

Hunting Malwares using Memory Analysis 3 (5 days – 40 hours)

• How to acquire Linux Memory
• Forensic Linux Details
• Memory and Processes
• The old and good networking
• File Systems
• Kernel threats
• Rootkits
• Real Cases

Windows Exploit Development 1 (5 days – 40 hours)

• Basic concepts: Assembly and Stack
• Buffer Overflow without protections
• Buffer Overflow: SeH and SafeSeH
• Buffer Overflow: ASLR challenge

Windows Exploit Development 2 (5 days – 40 hours)

• SEH and ASLR: a quick review
• Buffer Overflow: the international aspects
• Buffer Overflow in stages
• Shellcodes
• ROP

Windows Exploit Development 3 (5 days – 40 hours)

• Introduction to Heap Overflow
• The heap world
• ROP + Heap – hard combination
• Advanced Heap

WinDbg 1 (5 days – 40 hours)

• Introduction
• First steps with debuggers
• Stacks
• Heap
• Security
• Leaks: memory and others
• IPC and Synchronization
• X64 Debugging
• Crash Dump Analysis

WinDbg 2 (5 days – 40 hours)

• Introduction: concepts about Windows
• Configuring the environment
• Dump acquisition
• Analyzing several crash dumps

WinDbg 3 (5 days – 40 hours)

• Introduction
• Configuring the environment
• Debugging the Kernel
• Finding malware tracks

WinDbg 4 (5 days – 40 hours)

• (To be defined)

Digital Forensics 1 (5 days – 40 hours)

• The preparation and volatile information
• Acquiring Information from memory and disk
• Seeing the past with VSC
• Artifacts from Internet
• Registry
• Windows File System
• Linux File System
• Detailing the File System analysis
• Malwares and Anti-Forensics
• Timeline

Inside the Windows 1 (5 days – 40 hours)

• Basic Concepts
• General Architecture
• Dispatching
• Working Threads
• Object Manager
• Synchronization
• LPC
• Debugging
• Image Loader
• Kernel Protection
• Registry
• Services
• Processes and Threads
• Security
• Networking

Inside the Windows 2 (5 days – 40 hours)

• The I/O World
• Storage Topics
• Memory
• File Systems
• Cache
• Starting and Stopping Windows

Rootkits (5 days – 40 hours)

• (To be defined)

For further information about the courses, please fill in the form below: