AiSP x CyberproAI Masterclass - Malware Analysis & Threat Hunting workshop
Learn to perform a complete forensic investigation of a web-based compromise and comprehensive analysis of a multi-stage malware infection.
By the end of this workshop, participants will be able to perform a complete forensic investigation of a web-based compromise, ranging from initial entry point identification to command-and-control (C2) analysis and credential recovery using network traffic analysis tools.
The "Big Picture" vs. The "Microscope"
- Police Academy teaches Network Traffic Analysis (PCAP). This is the "Big Picture": seeing how an attacker moves from the outside in. It is easier for students to visualize a file being uploaded and a connection being made.
- Bitter Lemon is a "Microscope" task. It involves Malware Analysis and reverse engineering. If a student does not understand how a C2 server talks over a network (Police Academy), they will likely struggle to understand why a malware sample calls a specific Windows API function such as WinHttpOpen (Bitter Lemon).
Pre-requisites for participants:
- Basic understanding of PCAP and networking (OSI model, IP addressing and ports)
- Knowledge of HTTP methods and terminal-based tools for data manipulation
- Windows OS proficiency (comfortable with using PowerShell)
- Ability to read basic Python and VBA (macro) code snippets
- Basic knowledge of malware theory and the Wireshark tool will be helpful
Please bring along your own laptop and charger (Wi-Fi provided).
Highlights
- 5 hours
- In person
Location
SMU Lee Kong Chian School of Business
50 Stamford Road
Seminar Room 3.2, Level 3, Singapore 178899
Agenda
- Registration: participants to be registered by 12:45pm at the latest.
- Introduction & Cympire Platform Onboarding
- Cyber Simulation Workshop Technical Deep Dive: instructor-led training (Police Academy / Bitter Lemon)