I thought about opening this post writing “Sorry I haven’t posted in a long time…” Then I realized most probably nobody cares, so I didn’t.
tl;dr: Binary reverse engineering and zombies. Success is guaranteed :)
Recently I got through a friend the opportunity of presenting a short (one day) training involving binary reverse engineering and some malware analysis. Since I’ve been thinking about putting together this kind of training for a while, I thought it would be a great opportunity to create a raw version and get a first round of valuable feedback.
As I mentioned, due to time constraints mainly, the slides are a bit on top of each other and it’s very rough around the edges. I’ll have to work out some kinks in next versions and if you are an experienced reverser, I’m sure you will spot a couple of embarrasing mistakes…
That said, the training went pretty well. Although some people had only a first knowledge of the topic (well, that’s why you go to a training, isn’t it?) they were, luckily for me, very competent people. They were actually absorbing information at an alarming rate!
There was a complementary software package that had to be installed in a VM to be able to follow along and spend some time with a couple of short exercises. At the end two malware samples were analyzed and typical tricks used by malicious code were presented. Along the lines “If you see this and that, be pretty sure this software is up to no good…”
Without the software package or the proper explanation the slides are sometimes difficult to follow but anyway they look nice :P
NOTE: I realize that I may have broken all kind of copyrights, past, present and future but since there was no financial profit involved and this is for the community, I’m sure the people of AMC will find room in their hearts to forgive me.
NOTE2: I tried to give proper credit where I took something from the internet. If it’s not on the slide self, it’s on the related code on the software package. If not, I just forgot and I’m a jerk. Drop me a line and I’ll add it.
I know, less talking and more showing the slides. They are here: The Walking 0xDEAD slides