Dr. Bill Gauvin gives the first session in a series on this topic. In this session, viewers are introduced to the Portable Executable (PE) file format as it relates to reverse engineering (RE) and malware analysis. Tools such as Strings, PEview, Ghidra, and the Windows Visual Studio debugger are introduced so that viewers understand the basic strategies used to perform first static, then dynamic analysis on sample files. The session discusses concepts such as identifying packed files, identifying obfuscation techniques, and understanding program content, structure, and flow, so that attendees can perform CTF challenges. Key resources are identified during the session that allow viewers to obtain the tools demonstrated and perform the operations shown, increasing their knowledge and skill and preparing them for the more advanced malware analysis concepts covered in follow-up sessions on this topic.