Thursday — March 29th, 2012 09:00
Important note: Students need to bring a Windows XP Virtual Machine. The samples to be used in the class are not malicious.
In this training we will see how to use OllyDBG, a free and powerful application debugger, to analyze malicious samples and discover some of the tricks used by malware to hinder analysis. The intent of this training is to show how one can use OllyDBG's powerful features to bypass the protection and obfuscation used in malware. The samples used during the training have been crafted by the author to mimic the behavior of such malware, but without the malicious payload. The training is an entry-level course and will be divided into 4 sessions with the following content:
Requirements: Due to the nature of this training, a basic knowledge of Assembly language is required. Good knowledge of programming languages is a plus, as it may help in understanding the structures seen in Assembly. The student must also have a virtual machine with Windows XP ready to use, and install the following software on it:
OllyDBG
http://www.ollydbg.de/download.htm
Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
FileAlyzer
http://www.safer-networking.org/en/filealyzer/index.html
The student also needs to copy the example samples provided in class to the virtual machine.
Guilherme Vênere (McAfee)