Introduction to Malware Reverse Engineering

The Advanced Persistent Threat (APT) is a huge concern in our industry right now. In this talk we will look at live malware and use free and open-source tools to dig deeper into the inner workings of malware. We will explore delivery methods such as malicious PDFs and Office documents, and perform static and dynamic malware analysis during the hands-on lab.
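Static triage of a suspicious PDF, as an added example (my own Python, not material from the workshop and not code from peepdf): it does what pdfid-style tools do, counting the names that indicate automatic execution (/OpenAction, /AA) and embedded code (/JavaScript, /JS, /Launch), resolving the #xx hex escapes that malicious documents use to hide those names from naive string matching, and pulling out literal /JS strings. The PDF bytes are a constructed sample, not one of the workshop's samples, and the keyword list is my own selection.

```python
import re
from collections import Counter

# Names that static PDF triage tools flag; my own selection, not exhaustive.
SUSPICIOUS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/ObjStm", b"/AcroForm", b"/XFA")

# Constructed sample: a catalog whose /OpenAction fires a JavaScript action, with the
# action type obfuscated as /J#61vaScript (the #61 escape decodes to 'a').
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert('triage test');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def decode_name_escapes(data: bytes) -> bytes:
    """Resolve PDF name hex escapes (#xx) so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> Counter:
    """Count each suspicious name; the lookahead demands a delimiter after the name
    so that /JS is not counted inside /JSx and /AA is not counted inside /AAA."""
    counts = Counter()
    for kw in SUSPICIOUS:
        pattern = re.escape(kw) + rb"(?![A-Za-z0-9_#])"
        counts[kw.decode()] = len(re.findall(pattern, data))
    return counts


def extract_js_literals(data: bytes) -> list:
    """Return the contents of /JS (...) literal strings, honouring nested parentheses
    and backslash escapes. Hex strings and stream-backed /JS entries are not handled."""
    out = []
    for m in re.finditer(rb"/JS\s*\(", data):
        i, depth, buf = m.end(), 1, bytearray()
        while i < len(data):
            c = data[i:i + 1]
            if c == b"\\":            # escaped character: copy both bytes verbatim
                buf += data[i:i + 2]
                i += 2
                continue
            if c == b"(":
                depth += 1
            elif c == b")":
                depth -= 1
                if depth == 0:
                    break
            buf += c
            i += 1
        out.append(bytes(buf))
    return out


def triage(data: bytes) -> dict:
    """Keyword counts before and after escape decoding, object/stream bookkeeping,
    the extracted JavaScript, and a coarse suspicious/not-suspicious signal."""
    raw = count_keywords(data)
    decoded_data = decode_name_escapes(data)
    decoded = count_keywords(decoded_data)
    # A name that only appears once escapes are decoded was deliberately hidden.
    obfuscated = Counter({k: decoded[k] - raw[k] for k in decoded if decoded[k] > raw[k]})
    # obj/endobj or stream/endstream mismatches point at a truncated or crafted file.
    structure = {tok: len(re.findall(rb"\b" + tok.encode() + rb"\b", data))
                 for tok in ("obj", "endobj", "stream", "endstream")}
    auto_exec = decoded["/OpenAction"] + decoded["/AA"] > 0
    code = decoded["/JavaScript"] + decoded["/JS"] + decoded["/Launch"] > 0
    return {"keywords": decoded, "obfuscated": obfuscated, "structure": structure,
            "js": extract_js_literals(decoded_data),
            "suspicious": (auto_exec and code) or bool(obfuscated)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(key, value)
```

Counts are a triage signal, not a verdict: a benign form can legitimately carry /AcroForm and /JS, and a keyword can sit inside a compressed object stream (/ObjStm) or a FlateDecode stream that this scanner does not decompress, which is where peepdf or a full parser takes over.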

You can attend this meeting online using the following URL:

http://adobechats.adobeconnect.com/capsec2013sept/


  • Josh R.

    I'm getting an error trying to import the REMnux appliance. Running Win7 as host...does that matter?
    Error reading:(file) unknown element "config".

    Do I really have to edit the ovf file to use, or am I missing something? Thanks!

    September 20, 2013

    • Josh R.

      nvm, took out some config elements from the ovf, re-hashed, and put the new hash in the .mf file...worked! :)

      September 20, 2013
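The manifest step in the fix above, as an added example in Python (my own code, not the commands Josh used and not part of REMnux): an OVF package's .mf file carries one `SHA1(file)= digest` line per member, and an importer rejects a package whose .ovf no longer matches its line, which is exactly what happens after the descriptor is hand-edited. The script verifies every line, recomputes the stale ones and rewrites the manifest. The appliance files and the manifest in `demo()` are constructed stand-ins, not the workshop appliance.

```python
import hashlib
import os
import re
import tempfile

# One manifest line per package member, in the form the OVF manifest convention uses:
#   SHA1(remnux.ovf)= 3f786850e387550fdab836ed7e6dc881de23001b
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+?)\)=\s*([0-9a-fA-F]+)\s*$")


def digest_file(path: str, algo: str) -> str:
    """Hash a file in chunks; disk images are far too large to read whole."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(mf_path: str) -> list:
    """Return (algorithm, filename, digest) per line; reject anything unrecognised
    rather than silently skipping a member that would then go unchecked."""
    entries = []
    with open(mf_path, encoding="ascii") as f:
        for line in f:
            if not line.strip():
                continue
            m = MF_LINE.match(line)
            if not m:
                raise ValueError("unrecognised manifest line: %r" % line)
            entries.append((m.group(1), m.group(2), m.group(3).lower()))
    return entries


def verify_manifest(mf_path: str) -> dict:
    """Map each member filename to whether its on-disk digest matches the manifest."""
    base = os.path.dirname(mf_path)
    return {name: digest_file(os.path.join(base, name), algo) == digest
            for algo, name, digest in parse_manifest(mf_path)}


def rewrite_manifest(mf_path: str) -> list:
    """Recompute every digest with the algorithm already named on its line and
    rewrite the manifest; return the members whose digest had gone stale."""
    base = os.path.dirname(mf_path)
    changed, lines = [], []
    for algo, name, old in parse_manifest(mf_path):
        new = digest_file(os.path.join(base, name), algo)
        if new != old:
            changed.append(name)
        lines.append("%s(%s)= %s\n" % (algo, name, new))
    with open(mf_path, "w", encoding="ascii") as f:
        f.writelines(lines)
    return changed


def demo():
    """Constructed appliance: tiny stand-ins for the .ovf and .vmdk, plus a manifest
    whose .ovf digest is stale because the descriptor was edited after packaging."""
    d = tempfile.mkdtemp()
    ovf = os.path.join(d, "appliance.ovf")
    vmdk = os.path.join(d, "appliance-disk1.vmdk")
    with open(ovf, "w") as f:
        f.write("<Envelope><VirtualSystem/></Envelope>\n")   # the edited descriptor
    with open(vmdk, "wb") as f:
        f.write(b"KDMV" + b"\x00" * 64)                       # untouched disk stand-in
    mf = os.path.join(d, "appliance.mf")
    with open(mf, "w", encoding="ascii") as f:
        f.write("SHA1(appliance.ovf)= " + "0" * 40 + "\n")     # stale: pre-edit digest
        f.write("SHA1(appliance-disk1.vmdk)= " + digest_file(vmdk, "SHA1") + "\n")
    before = verify_manifest(mf)
    changed = rewrite_manifest(mf)
    after = verify_manifest(mf)
    return before, changed, after


if __name__ == "__main__":
    before, changed, after = demo()
    print("before:", before)
    print("rewritten:", changed)
    print("after:", after)
```

Rewriting the manifest is only appropriate for an edit you made yourself: the manifest exists so that a tampered descriptor or disk image is caught at import, and if the package also carries a .cert signature over the manifest, re-hashing invalidates that signature and the importer will report the package as unsigned.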

  • Kyle

    This is where I got the malware samples, just in case you want to play with other forms.

    http://contagiodump.blogspot.com/

    September 20, 2013

  • Josh R.

    Is there a way to watch or download the recorded sessions?

    September 19, 2013

  • Alfred

    Thanks Kyle! I appreciate the research and effort you put into using peepdf and the other tools. The lab work was useful and stimulated good discussions.

    1 · September 19, 2013

  • James W.

    Very good discussion. Definitely learned more about the topic. Fantastic job Kyle.

    September 19, 2013

  • Tai T.

    Thanks, Kyle. Excellent session. Thanks for all the attendees' input too.

    September 19, 2013

  • Sunjay

    Excellent review on malware reverse engineering.

    September 19, 2013

  • Garima J.

    Great workshop!! Thanks Kyle.

    September 19, 2013

  • Josh M.

    It was very informative and useful.

    September 19, 2013

  • Salma

    Fantastic presentation -- thank you Kyle!!

    September 19, 2013

  • Rehan

    It was a really informative session.

    September 19, 2013

  • Marcelle

    Nice workshop, thanks!

    September 19, 2013

  • Fernando

    Very good session!

    September 19, 2013

  • Vishnu

    Very well covered topic.

    September 18, 2013

  • Chris L.

    Great!

    September 18, 2013

  • Vishnu

    Since the venue is at Lockheed, I'm wondering if we need specific access to get in?

    September 18, 2013

    • Kyle

      Vishnu, just ring the doorbell on the outside door and someone will let you in.

      September 18, 2013

  • Tai T.

    Do I need a laptop for this meetup session?

    September 18, 2013

    • Kyle

      Tai, we do have some computers on hand and will have the lab material on them. But we usually don't have enough for everyone. If you have the ability, I would suggest bringing your laptop.

      September 18, 2013

  • Tai T.

    Do we have to bring a laptop for this meeting?

    September 18, 2013

  • Jerry

    Kyle, I would like to get the image installed prior to the meeting. Can you email the password to me at [masked]

    Thanks,

    Jerry

    September 18, 2013

  • Kyle

    If you are playing along online, the following zip file contains the virtual appliance we will be working with tonight. Just import it into either VMware or VirtualBox. The zip file is password protected and I will give out the password tonight in class, or you can email me: kyle.slosek{at}gmail{dot}com.

    https://docs.google.com/file/d/0B0y1vzfWkaFfcF94TjFHbWEzdTA/edit?usp=sharing

    September 18, 2013

    • Kyle

      The slides are located here: http://files.meetup.c...

      September 18, 2013

    • Kyle

      Please be aware that the VM is Linux, but it contains live samples of malware that we will be analyzing. This is why I have encrypted the file. Please take the proper precautions when operating the VM.

      September 18, 2013

  • Salma

    How late is this session expected to run?

    September 18, 2013

    • Kyle

      Hi SK, we usually shoot for a 3 hour class, however we may end early depending on how the labs go.

      September 18, 2013

    • Salma

      Sounds great -- thank you!!

      September 18, 2013

  • Lillian Ekwosi S.

    Help me teach my nephew a moral lesson.........
    Each time we spend some precious time lecturing my nephew on the importance of staying in touch with his relatives, he responds by playing a very fast one on us. Lately (09/03), his cousins in London had their graduation; we urged my nephew to send an email the same day, 09/03, congratulating them. He lied that he did and promised to forward us the sent message. After a couple of days, he forwarded an email he purportedly sent on 09/03.
    I called his cousins, who stated they never received any email from him. I suspect he wrote the email and sent it to himself on 09/07. He then hit the “forward” button, changed the sent date to 09/03, added his cousins' email addresses, and of course wiped out any extras and forwarded it to me as proof. He boldly asked me to check the time stamp.
    Is there any way I can verify on a forwarded email whether the exact date it was written and sent was modified or tampered with?
    Thanks for your noble cause!!!

    September 11, 2013

    • Kelly B.

      This should probably be in the discussion section. Depending on how it was forwarded, you probably lost all the envelope information that would have indicated the original sent date. Email in general is pretty easy to manipulate. The only way to really verify would be to check the mail server logs, assuming you have access to them, which is unlikely unless you are running your own mail server.

      September 18, 2013

  • Ed G.

    I'll most likely be attending online. Can the source files be made available so those of us attending virtually can participate?

    September 11, 2013

    • Kelly B.

      Yes, we are going to try to make the files available online. We are currently thinking that you will just need BackTrack, and we'll make the files we are analyzing available. I'll update everyone and provide more detailed instructions when I get more information from the presenter.

      September 13, 2013

    • Kyle

      Ed, see the link above for the download of the VM appliance.

      September 18, 2013

  • Josh M.

    Cool, will Linux be involved?

    September 10, 2013

    • Kelly B.

      I don't have all the details yet, but we run most of the tools on a Linux VM for the hands-on labs.

      September 10, 2013

    • Kyle

      Yes, Josh, we will be using REMnux for malware analysis.

      September 18, 2013

Our Sponsors

  • AboutWeb

    Capital Area Cyber Security User Group
