Malware: Prevention, Detection, and Response


Authors: Tyler Hudak, Aaron Rosenmund

In this container of content, you will learn how to analyze several specific types of malware for the purpose of identifying indicators used for host and network detection. To...

What you will learn

  • Host detection and analysis of indicators
  • Network detection and analysis of indicators
  • Defensive techniques to combat the specific malware type

Prerequisites

  • Security fundamentals
  • Malware Analysis skill path

In this container of content, you will learn how to analyze several specific types of malware for the purpose of identifying indicators that can be used for host and network detection.

Setting Up a Malware Analysis Lab

by Tyler Hudak

Nov 21, 2019 / 1h 25m

Description

In this course, Setting Up a Malware Analysis Lab, Aaron Rosenmund and Tyler Hudak discuss why you need to have your own malware analysis lab. There are a variety of roles outside of reverse engineering that perform dynamic analysis of malware samples, and having the skills to identify indicators of compromise makes you invaluable to incident response and security operations teams. You will learn not only how to build a virtual machine, but also how to modify the operating system to trick the malware into believing it is in a safe place to detonate, which tools to use, and how to run them in your own malware analysis lab.

Table of contents
  1. Course Overview
  2. Malware Analysis for Security Operations
  3. Creating a Sacrificial VM
  4. Passing Off Your Virtual Machine as the Real Deal
  5. Choosing Your Load Out
  6. Summary and Recap

Fileless Malware

by Tyler Hudak

Dec 18, 2018 / 1h 40m

Description

In this course, Hunting for Fileless Malware, Tyler Hudak and Aaron Rosenmund tackle what exactly fileless malware is, why attackers use it, and the defensive strategies you can take to protect your organization from it. Learn about examples of fileless malware techniques, the abuse of native tools (PowerShell and WMI), and the types of defenses you can employ. By the end of this course, you'll have a solid understanding of the various types of fileless malware and how best to defend against them.

Table of contents
  1. Course Overview
  2. What Is Fileless Malware?
  3. How Does Fileless Malware Work?
  4. Why Do Attackers Use These Techniques?
  5. Defenses Against Fileless Malware: Employing Proper Logging
  6. Defenses Against Fileless Malware: Utilizing Hunting Tools
  7. Conclusion

Trickbot Banking Trojan

by Tyler Hudak

Nov 15, 2019 / 1h 29m

Description

In this course, Malware Analysis and Detection: TrickBot, Aaron Rosenmund and Tyler Hudak discuss TrickBot, a malware family widely used by attackers. By the end of this course, you will know how TrickBot works, what it does to the computers it compromises, and which tools you can use to detect it on your hosts and network.

Table of contents
  1. Course Overview
  2. Introducing Trickbot
  3. Dynamic Analysis in the Lab
  4. Obtaining TrickBot Configuration and Files
  5. Detecting TrickBot Indicators on Your Network
  6. Summary and Recap

Coming Soon

Business Email Compromise

by Tyler Hudak

Business Email Compromise

by Aaron Rosenmund