BSidesLV 2017 has ended
Back To Schedule
Wednesday, July 26 • 08:00 - 11:55
Practical Malware Analysis - Hands-On FULL

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Learn how to analyze Windows malware samples, with a hands-on series of projects in a fun, CTF-style environment. There are four levels of analysis challenges.

1. Basic static analysis with file, strings, PEiD, PEview, Dependency
Walker, and VirusTotal
2. Basic dynamic analysis with Process Monitor, Process Explorer,
RegShot, and Wireshark
3. Advanced static analysis with IDA Pro Free and Hopper
4. Advanced dynamic analysis with Ollydbg and Windbg

The first challenges are easy enough for beginners, and the later ones
get difficult enough to interest intermediate security professionals.
We will demonstrate the challenges, discuss the technologies and
techniques, and help participants get through them as needed.

These challenges use harmless malware samples from the "Practice
Malware Analysis" book by Michael Sikorski and Andrew Honig.

All materials and challenges are freely available at samsclass.info,
including slide decks, video lectures, and hands-on project
instructions. They will remain available after the workshop ends.

Participants should be familiar with basic C programming. Experience with developing Windows applications, assembly language, and debuggers is helpful but not necessary.

Participants must bring a laptop (any OS) with VMware or VirtualBox
installed on it. Each participant will need a 32-bit Windows virtual
machine to run malware samples. USB sticks with a Windows Server 2008 VM will be available for students to copy. Some projects also use a Kali Linux VM to simulate the Internet, but that's not required.

avatar for Sam Bowne

Sam Bowne

Instructor, CCSF
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges. Formal education: B.S. and Ph.D. in Physics Industry credentials... Read More →
avatar for Devin Duffy

Devin Duffy

Intern, Uber
I really love hearing about different malware attack vectors and APT campaigns. I'm currently seeking a junior pentesting position.
avatar for Dylan James Smith

Dylan James Smith

Dylan James Smith has assisted with hands-on workshops at B-Sides LV, DEF CON, RSA and other conferences. He has worked in and around the computer support industry since adolescence. Now he’s old(er.) Currently focused on learning and teaching "the cybers."

Wednesday July 26, 2017 08:00 - 11:55 PDT
Training Ground 3 (The Platinum, Platinum Room) 211 E Flamingo Rd, Las Vegas, NV 89169