Black Hat Digital Self Defense USA 2006
Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas July 28-29 (Weekend) & July 30-31 (Weekday)

Course Length: 2 days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Black Hat Registration

Advanced Incident Response:
Determining Functionality of Captured Unknown Binaries

Mandiant

What to bring:
Students are to bring a laptop computer containing:

  • Windows® 2K or XP
  • Administrator Access
  • CD-ROM Drive
  • Network Card

General knowledge of computer and operating system fundamentals is required.

Students should have some exposure to software development.  Experience in assembly and C, while not required, would be beneficial.

Suggested reading “Real Digital Forensics” by Keith Jones & Curtis Rose (Addison-Wesley)

Overview:
Information security professionals and others who specialize in computer intrusion response and investigations are often confronted with malicious software of unknown purpose and origin. Analysis of these unknown binaries supports accurate threat assessments, improves incident detection, and enables successful remediation efforts.

Unfortunately, most malicious software analysis courses require extensive specialized knowledge, cover advanced topics and require expensive software. This introductory course fills that gap for those interested in entering the field of malicious software analysis. While this is considered an introduction, the course is fast paced and covers an extensive range of technical topics.

The training provides a basic foundation of knowledge required to perform malicious software analysis with hands-on introductions to assembly, C, compilers, debuggers, executable file formats, and disassemblers. Once the foundation is established, the students are introduced to methods, tools and techniques for performing static and dynamic software analysis.

Students will perform hands-on static and dynamic analysis of intrusion binaries “captured in the wild”.  To facilitate the analysis, students will receive a copy of the free version of IDA disassembler. Students desiring to purchase IDA Pro will be provided coupons upon course completion entitling them to a 10% discount.

Topics to be Covered Include:

  • Legal Issues & Considerations
  • Introduction to Assembly
    • Registers
    • Stack
    • Addressing
    • x86 opcodes
    • Exercise
  • Byte order
  • Encoding Schemes
  • Executable file formats (Executable & Linking Format and Portable Executable)
  • Introduction to C (Exercise)
  • Static Analysis
    • Introduce Static Analysis Tools
    • Disassembly (Exercise)
    • Analysis
  • Dynamic Analysis
    • Introduction to Tools
    • System Tracing & Monitoring (Exercise)
    • Debuggers (Exercise)
  • Practical Exercise

Who Should Attend

This introductory course is targeted to those individuals interested in learning the fundamentals of malicious software analysis.  For those already possessing these fundamental skills, we recommend more advanced training at the Black Hat conference such as

Outside of the conference, DataRescue, the publisher of IDA, also offers training in the U.S. Information on their "Interactive DisAssembler Professional Training", taught by Ilfak Guilfanov, is available at www.ccso.com or www.datarescue.com.

Trainer:

Kris Kendall
Principal Engineer, MANDIANT

Mr. Kendall, a key leader of MANDIANT technical teams, has over eight years of experience in computer forensics and incident response.  He provides expertise in computer intrusion investigations, computer forensics, secure software development, and research & development of advanced network security tools and techniques.  He is a former Special Agent in the United States Air Force Office of Special Investigations, and has developed several innovative tools that advanced the state-of-the-art in the rapidly evolving field of reverse engineering and binary analysis.

Mr. Kendall earned both a Bachelor of Science and a Master of Engineering degree from the Massachusetts Institute of Technology.

Curtis W. Rose
Executive Vice President, MANDIANT

Curtis is a founding member of Mandiant, formerly known as Red Cliff Consulting, and is an industry-recognized expert in computer security with over eighteen years' experience in technical and information security, investigations, and computer forensics.

Mr. Rose is an accomplished author, and his works include "Digital Forensics:  Computer Security and Incident Response", Addison-Wesley, and contributing author or technical editor for several security books including, "Anti-Hacker Toolkit", McGraw-Hill, copyright 2002; "Network Security: The Complete Reference", McGraw-Hill, copyright 2003; and "Incident Response:  Investigating Computer Crime", 2nd Edition, McGraw-Hill, copyright 2003. 

Cost:

  • Regular (ends May 31, 2007): $1800
  • Late (ends July 19, 2007): $2000
  • Onsite (begins July 20, 2007): $2200

(c) 1996-2007 Black Hat