Malware and Crypto are our topics today, and we've got two hot Black Hat USA 2015 Trainings in each to cover. So without further ado...
Even a well-crafted instrument can be useless if its user lacks the knowledge to properly wield it. Cryptography is one such tool, notoriously difficult to use correctly -- which means without leaving yourself wide open to attack. Uses and Misuses of Cryptography (Part 1): How to Use Crypto Properly and Attack Those That Don't will focus on symmetric cryptography and hash functions: the concepts, the implementations, and the dangers. Real-world examples of crypto misuse will show the devastating consequences, and major known attacks on SSL/TLS will also be covered.
Crypto attacks evolve alongside the crypto schemes themselves, and when the current vulnerabilities are patched, those timeless attack concepts will form the foundation of the next generation of exploits. Beyond the BEAST: Deep Dives Into Crypto Vulnerabilities aims to deliver a deep understanding of how exploitable cryptographic vulnerabilities and problematic cryptographic protocols arise. Rather than focus on individual attacks, the training will delve deeper and examine their common underpinnings. What do Lucky13, hash length extensions, and Bitlocker bypass attacks have in common? If you understand the fundamental commonalities you can start finding novel attacks in new situations.
Moving on to malware, almost every computer incident involves a trojan, backdoor, virus, or rootkit, and responders must perform rapid malware analysis if they hope to cure current infections and prevent future ones. Malware Analysis Crash Course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Beyond learning dynamic analysis and the most-exploited APIs, you'll engage in hands-on malware dissection and walk away with a free copy of Mike Sikorski's "Practical Malware Analysis."
Finally, those looking to sharpen their malware-analysis skills should consider Special Topics in Malware Analysis, a fast-paced Training focusing on anti-reversing, packers, and special-case malware. After learning the obfuscation techniques used by malware you'll be challenged to defeat them in hands-on labs. The agenda includes packing, anti-disassembly, anti-debugging, and anti-virtual machine techniques, so come prepared to get your hands dirty.
Black Hat USA 2015 will occur at the Mandalay Bay resort in Las Vegas. It goes down August 1-6, and there's still time to lock in early-bird discounts if you register before June 6.