AiSP x CyberproAI Masterclass - Malware Analysis & Threat Hunting workshop

By the end of this workshop, participants will be able to perform a complete forensic investigation of a web-based compromise, ranging from initial entry point identification to command-and-control (C2) analysis and credential recovery using network traffic analysis tools.

The "Big Picture" vs. The "Microscope"

• Police Academy teaches Network Traffic Analysis (PCAP). This is the "Big Picture"—seeing how an attacker moves from the outside in. It’s easier for students to visualize a file being uploaded and a connection being made.

• Bitter Lemon is a "Microscope" task. It involves Malware Analysis and reverse engineering. If a student doesn't understand how a C2 server talks over a network (Police Academy), they will likely struggle to understand why a malware sample is calling a specific function like WinHttpOpen (Bitter Lemon).

Pre-requisites for participants:

• Basic understanding of PCAP and networking (OSI model, IP addressing and ports)
• Knowledge of HTTP Method and terminal-based tools for data manipulation
• Windows OS proficiency (comfortable with using Powershell)
• Ability to read basic Python and VBA (macro) code snippets
• Basic knowledge of malware theory and Wireshark tool will be helpful

Please bring along your own laptop and charger (Wi-fi provided).