Introduction to Malware Analysis
Most computer intrusions involve malware of some kind: a trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware they encounter in order to remediate current infections and prevent future ones. This course provides a quick introduction to the tools and methodologies used to analyze executables found on Windows systems, using a practical, hands-on approach. Students learn how to extract host- and network-based indicators from a malicious program using both static and dynamic analysis techniques. They learn the basics of determining a program's functionality by reading its disassembly and by observing how it modifies the system as it runs under a debugger. Each section is filled with in-class demonstrations and hands-on labs using real malware, in which students practice what they have learned in a safe, isolated environment. The class is taught by M-Labs malware analysts who are experienced in analyzing a diverse set of malware.
Intermediate Malware Analysis
The malware author's job is to develop software that collects and exfiltrates data, runs undetected, and frustrates reverse-engineering efforts. Building on the material presented in our Introduction to Malware Analysis class, this course dives deeper into three areas critical to successful malware reverse engineering: disassembly, debugging and Windows internals. Other topics include how to determine the functionality of a program by analyzing its disassembly and observing the changes it makes to the system as it runs, how to extract investigative leads from the host- and network-based indicators associated with a malicious program, and how to recognize specific coding constructs in disassembly. Additional topics include the art of dynamic analysis and a discussion of the Windows application programming interfaces (APIs) most often used by malware authors. Each section is filled with in-class demonstrations and instructor-led exercises. Students also complete labs to reinforce key concepts.
Advanced Malware Analysis
Malware authors sometimes take deliberate steps to thwart the reverse engineering of their malware. Designed for the experienced malware analyst, this course focuses on advanced topics related to defeating those defensive mechanisms. A robust skill set in x86 architecture and the Windows APIs is essential. Students learn how to combat anti-disassembly, anti-debugging and anti-virtual-machine techniques. Students also learn how to defeat packed and armored executables and are challenged to demonstrate these skills several times throughout the course. Additional topics include malware stealth techniques such as process injection and rootkit technology; analysis of samples written in other programming languages, such as Delphi and C++; and a review of available tools and techniques. All concepts and materials presented are reinforced with demonstrations, real-world case studies, follow-along exercises and labs that allow students to practice what they have learned. The class is taught by senior M-Labs malware analysts who are experienced in fighting through state-of-the-art malware armor.
Wireless Security
Wireless computing devices are everywhere, and new products seem to appear daily. The explosive growth of wireless devices also brings increased risk to networks that permit wireless access. As a result, network and information security personnel must understand the risks of wireless computing. The Mandiant Wireless Security course is a two-day class designed specifically for professionals who support, design or assess IEEE 802.11 wireless environments, commonly known as Wi-Fi. It is a hands-on course presented from the attacker's perspective and helps students understand the wireless attacker's methodology. The course includes a variety of case studies and numerous lab exercises to reinforce wireless security concepts and materials.
Network Traffic Analysis
Sophisticated attackers frequently go undetected in a victim network for an extended period of time. Attackers know how to blend their traffic with legitimate traffic and only the skilled network traffic analyst will know how to find them. Network traffic analysis is a critical skill set for any organization. Mandiant’s intense three-day Network Traffic Analysis course prepares students to face the challenge of identifying malicious network activity. The course provides students with an overview of network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. The course consists of lectures and hands-on labs to reinforce technical concepts.
Cyber Crime & Incident Response
Enterprise Incident Response
Attacks against computer systems continue to increase in frequency and sophistication. In order to effectively defend data and intellectual property, organizations must have the ability to rapidly detect and respond to threats. Mandiant developed the Enterprise Incident Response course to provide security personnel with the skills needed to quickly identify and respond to sophisticated attacks. The course is based on the real-world experience of Mandiant consultants who have years of experience combating sophisticated attacks, and it includes real-world case studies and hands-on exercises.
Introduction to Cyber Crime for Executives
Network security breaches transform calm working environments into high-stress battle zones that require executives to rapidly make key decisions affecting both the company and the investigation. Informed executives are better equipped to understand the threat and make the right decisions in minimal time. The Mandiant Introduction to Cyber Crime for Executives course was developed to educate senior staff on cyber crime and incident response. During the course, instructors walk students through a scenario based on real-world intrusions by sophisticated attackers. The scenario is presented from both the attacker's and the victim's perspectives, and throughout it instructors explain the tactics and technologies used by the attackers and by the victim's defenders. The scenario illustrates the most common methods attackers use to establish a foothold and remain undetected in a victim network. The class discusses the pros and cons of the various courses of action available to the victim and gives students critical insight into the many issues investigators and victim organizations face in defending networks and responding to security breaches.
Unix and Windows Investigations
Attacks against systems running variants of the Unix operating system are on the rise. In order to respond effectively to this escalating threat, organizations must have skilled information security staff able to rapidly detect and remove threats. Mandiant developed the Unix Investigations course to give information security personnel the fundamental skills needed to quickly identify and eliminate threats targeting Unix and Unix-like operating systems. Based on the real-world experience of Mandiant consultants who have years of experience combating these types of attacks, the course reinforces key concepts with hands-on exercises to ensure students gain practical experience in each critical area discussed.
Introduction to Linux for Security Professionals
The Mandiant Introduction to Linux for Security Professionals course introduces information security professionals to the Linux operating system and helps prepare them to conduct investigations in a Unix environment. The course follows a "learn by doing" philosophy: students run Linux/Unix commands and discover how the operating system functions, working primarily in the command-line environment. The course includes relevant case studies and reinforces key concepts with hands-on exercises to ensure students gain practical experience in each critical area discussed.