Static Malware Analysis with Hex-Rays IDA Pro and WinDbg


Malware3

Course code Malware-3: Malware static analysis using Hex-Rays IDA Pro and WinDbg

Seminar name/code: Introduction to Malware static analysis with Hex-Rays IDA Pro and WinDbg (Code: Malware-3)

Date/time: 2 days or 3 days (10:00-18:00)

Overview:
This is a Malware reverse engineering seminar using IDA Pro and WinDbg.
We use IDA Pro and WinDbg to disassemble Windows EXE and DLL files (PE format, 32-bit and 64-bit) and statically analyze the behavior of Malware.

Textbook and equipment used:
★Distribution
・Kali Linux latest version
・Lecture handouts
・CD-ROM
・USB memory
・Ikeriri bag
・Ikeriri magnet

Lecturer: Megumi Takeshita, Ikeriri★Network Service Co., Ltd.

Purpose:
The purpose of this course is to understand the introductory steps of static analysis of Malware: how Malware moves and works internally, which files it generates, and how to analyze its detailed operation.

Using Hex-Rays IDA Pro and WinDbg, you will learn the basics of x86 assembler, how to use the debugger, and how to track binaries.

*The seminar uses actual malware for detection and analysis. It is detected as a malicious tool by much antivirus software, by antimalware tools, by VirusTotal, etc. Please handle the capture files with care. (important)

(Note)
This seminar is about cyber security: you will learn malware analysis using packet capture in a closed practice network, and you will not actually create or distribute malware.
Doing so violates the Unauthorized Computer Access Act as well as criminal and civil law, and may be subject to punishment. This seminar is entirely about learning the behavior of malware and learning detection, analysis, and defense measures based on packet capture. Please confirm and agree to this.

Seminar details

Static analysis of Windows malware (PE32 binary)

Checking PE format using PE View
Analysis of file header and file format structure

Introduction to Hex-Rays IDA Pro
Subroutine calling and breakpoint processing with IDA Pro

Assembler basics

Mnemonics, registers, addresses, assembly, disassembly

Explanation of assembler code, branching, and commonly used methods

Comparison between C language notation and assembler notation

Reverse engineering analysis of Win32 PE applications with a disassembler and debugger


Copyright Ikeriri Network Service Limited,All Rights Reserved.
