Thursday, September 3, 2009

iDefense Malware Training in NYC and London

I would like to announce the next two dates for iDefense malware training courses:

September 23-25, 2009 (9am to 5pm), NYC
October 28-30, 2009 (9am to 5pm), London

The cost is $3500/person. You'll get lots of hands-on technical training from Greg Sinclair and me. As a prerequisite, you should complete SANS GREM or a course of similar quality, or have 1-2 years of experience with malware analysis. It would really help if you had your own license for IDA Pro (otherwise you can use the trial/limited 4.9 version); however, almost all of the tools we use are free, very inexpensive, or home-made.

Here is a high-level description of the topics. If you want a more detailed agenda, or any other information about the course, please email me: michael (dot) ligh @ mnin (dot) org.

* Windows internals for reverse engineers
* Low level programming (reading/writing assembly)
* High level programming (Native and Win32 API, driver development, Python)
* Analyzing non-executable files (Javascript, MS Office documents, PDF, Flash)
* Dynamic analysis (Change detection, building a custom API monitor, pcap inspection)
* Static analysis (PE/COFF, working with IDA and plug-ins)
* Using a debugger to analyze malware (user programs with Immunity Debugger and kernel drivers with WinDbg)
* Packing and unpacking (dump and rebuild exes/dlls packed with both common and custom packers)
* Anti-RCE (ways to defeat debugger detection, VM detection, Emu detection)
* Code injection and rootkits (10+ injection techniques w/ source code, user mode rootkits, kernel mode rootkits)
* Stealth malware (methods to hide on disk, memory, and network - plus how to detect)
* Analyzing info stealers (HTML injection, key logging, password/credential theft)
* Memory forensics (hunting malware in memory, extending Volatility, case studies with new tools)
* Scripting debuggers (decrypting strings, computing CnC hostnames, decrypting configurations)
* Analyzing VB and Delphi malware

Also, just so you know, here are some topics that the class does NOT teach:

* OSX/Unix malware
* Mobile malware
* Hardware/firmware rootkits
* Investigating IPs, domains, etc.

We will study specific families of malware (CoreFlood, Mebroot, Zeus, Laqma, Silent Banker, Kraken, Waledac, Gozi, Limbo, Tigger, and Conficker to name a few), as well as generic malware of Chinese descent and several home-made trojans that we built to demonstrate certain things.
