{"id":2722,"date":"2021-06-14T13:47:52","date_gmt":"2021-06-14T11:47:52","guid":{"rendered":"https:\/\/archive.brucon.org\/2023\/?page_id=2722"},"modified":"2023-06-15T15:13:06","modified_gmt":"2023-06-15T13:13:06","slug":"a-complete-practical-approach-to-malware-analysis-and-memory-forensics","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2023\/brucon-2023-training\/a-complete-practical-approach-to-malware-analysis-and-memory-forensics\/","title":{"rendered":"A Complete Practical Approach to Malware Analysis and Memory Forensics"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]<\/p>\n<h2>Course Description<\/h2>\n<p><span style=\"font-weight: 400\">This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course introduces attendees to the basics of malware analysis, reverse engineering, Windows internals and memory forensics, then gradually progresses into more advanced concepts of malware analysis &amp; memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis.<\/span><\/p>\n<p><span style=\"font-weight: 400\">This course consists of scenario-based hands-on labs after each module that involve analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malware, rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short span of time. Throughout the course, attendees will learn the latest techniques used by adversaries to compromise and persist on a system.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The training also demonstrates how to integrate malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. 
After taking this course attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The training provides practical guidance and attendees should walk away with the following skills:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How malware and Windows internals work<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to create a safe and isolated lab environment for malware analysis<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The techniques and tools used to perform malware analysis<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to perform static analysis to determine the metadata associated with malware<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to perform dynamic analysis of malware to determine its interaction with processes, the file system, the registry and the network<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to perform code analysis to determine malware functionality<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to debug malware using tools like IDA Pro, Ollydbg\/Immunity debugger\/x64dbg<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors, etc.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">What memory forensics is and its use in malware and digital investigations<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Ability to acquire a memory image from suspect\/infected systems<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to use an open source advanced memory forensics framework 
(Volatility)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding of the techniques used by malware to hide from live forensic tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding of the techniques used by rootkits (code injection, hooking, etc.)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Investigative steps for detecting stealth and advanced malware<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How memory forensics helps in malware analysis and reverse engineering<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to incorporate malware analysis and memory forensics in a sandbox<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">How to determine network and host-based indicators of compromise (IOCs)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Techniques to hunt malware<\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2>Course contents<\/h2>\n<h4><span style=\"font-weight: 400\">Introduction to Malware Analysis:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">What is Malware<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">What malware does<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Why malware analysis<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Types of malware analysis<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Setting up an isolated lab environment<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Static Analysis:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Fingerprinting the malware<\/span><\/li>\n<li style=\"font-weight: 400\"><span 
style=\"font-weight: 400\">Extracting strings<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Determining file obfuscation<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Pattern matching using YARA<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Fuzzy hashing &amp; comparison<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding PE file characteristics<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Disassembly<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise: analyzing a real malware sample<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Dynamic Analysis\/Behavioural analysis:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Dynamic Analysis Steps<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding Dynamic Analysis tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Simulating services<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Performing Dynamic Analysis<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Monitoring process, filesystem, registry and network activity<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Determining the Indicators of compromise (host and network indicators)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; Static &amp; dynamic analysis of a real malware sample<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise: analyzing a real malware sample<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Automating Malware Analysis (sandbox):<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 
400\"><span style=\"font-weight: 400\">Custom Sandbox Overview<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Working of the Sandbox<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Sandbox Features<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; Analyzing malware in the custom sandbox<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Code Analysis:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Code Analysis Overview<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Disassemblers &amp; Debuggers<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Code Analysis Tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Basics of IDA Pro<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Basics of Ollydbg\/x64dbg<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding the API calls<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Reversing Malware functionalities (downloader, dropper, keylogger, code injection, HTTP backdoor)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise: analyzing a real malware sample<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Introduction to Memory Forensics:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">What is Memory Forensics<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Why Memory Forensics<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Steps in Memory Forensics<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Memory acquisition and tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 
400\">Acquiring memory from a physical machine<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Acquiring memory from a virtual machine<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on exercise: acquiring memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Volatility Overview:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Introduction to the Volatility Advanced Memory Forensics Framework<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Volatility Installation<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Volatility basic commands<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Determining the profile<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Volatility help options<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Running plugins<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating Processes:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding Process Internals<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process (EPROCESS) Structure<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process organization<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process Enumeration by walking the doubly linked list<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process relationships (parent-child)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding DKOM attacks<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process Enumeration using pool tag scanning<\/span><\/li>\n<li style=\"font-weight: 400\"><span 
style=\"font-weight: 400\">Volatility plugins to enumerate processes<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Identifying malicious processes<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating Process handles &amp; Registry:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Objects and handles overview<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Enumerating process handles using Volatility<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding mutexes<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Detecting malware presence using mutexes<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding the Registry<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Investigating common registry keys using Volatility<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Detecting malware persistence<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating Network Activities:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding malware network activities<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Volatility Network Plugins<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Investigating Network connections<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Investigating Sockets<\/span><\/li>\n<li 
style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating Process Memory:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Process memory Internals<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Listing DLLs using Volatility<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Identifying hidden DLLs<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Dumping malicious executables from memory<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Dumping DLLs from memory<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Scanning the memory for patterns (yarascan)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating User-Mode Rootkits &amp; Fileless Malware:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Code Injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Types of Code injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Remote DLL injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Remote Code injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Reflective DLL injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hollow process injection<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; Case Study<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab 
exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Memory Forensics in Sandbox technology:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Sandbox Overview<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Integrating Memory Forensics into a sandbox<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; showing the use of memory forensics in a custom sandbox<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Investigating Kernel-Mode Rootkits:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding Rootkits<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding function call traversal in Windows<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Levels of Hooking\/Modification on Windows<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Kernel Volatility plugins<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hands-on lab exercise (scenario-based): investigating malware-infected memory<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; Rootkit Investigation<\/span><\/li>\n<\/ul>\n<h4><span style=\"font-weight: 400\">Memory Forensic Case Studies:<\/span><\/h4>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Demo &#8211; Hunting APT malware in Memory<\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][vc_column][vc_column_text]<\/p>\n<h2>Who should take this course?<\/h2>\n<p><span style=\"font-weight: 400\">This course is intended for<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Forensic practitioners, incident responders, cyber-security investigators, security researchers, malware 
analysts, system administrators, software developers, students and curious security professionals who would like to expand their skills<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Anyone interested in learning malware analysis and memory forensics.<\/span><\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2>Requirements<\/h2>\n<p><span style=\"font-weight: 400\">Students should:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Be familiar with using Windows\/Linux<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Have an understanding of basic programming concepts; programming experience is not mandatory.<\/span><\/li>\n<\/ul>\n<h2>Hardware\/Software Requirements<\/h2>\n<p><span style=\"font-weight: 400\">Students should bring:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">A laptop with a minimum of 6GB RAM and 40GB of free hard disk space<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">A laptop with USB ports. The lab samples and custom Linux VM will be shared via USB sticks<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">VMware Workstation or VMware Fusion (even trial versions can be used).<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">A Windows operating system (preferably Windows 10 64-bit; Windows 8 and Windows 7 versions are also fine) installed inside VMware Workstation\/Fusion. You must have full administrator access to the Windows operating system installed inside VMware Workstation\/Fusion.<\/span><\/li>\n<\/ul>\n<p><b>Note:<\/b><span style=\"font-weight: 400\"> VMware Player and VirtualBox are not suitable for this training. 
The lab setup guide will be sent to you after registration.<\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;5\/6&#8243;][vc_column_text]<\/p>\n<h2>Trainer Biography<\/h2>\n<p><span style=\"font-weight: 400\"><strong>Monnappa K A<\/strong> is a security professional with over 15 years of experience in incident response and investigation. He previously worked for Microsoft &amp; Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book &#8220;<em>Learning Malware Analysis<\/em>.&#8221; He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility plugin contest 2016. He co-founded the cybersecurity research community &#8220;Cysinfo&#8221; (<a href=\"https:\/\/www.cysinfo.com\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cysinfo.com<\/a>). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and the 4SICS-SCADA\/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, the 4SICS-SCADA\/ICS summit, DSCI, the National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. 
<\/span><\/p>\n<p><span style=\"font-weight: 400\">You can find some of his contributions to the community on his YouTube channel (<a href=\"http:\/\/www.youtube.com\/c\/MonnappaKA\" target=\"_blank\" rel=\"noopener\">http:\/\/www.youtube.com\/c\/MonnappaKA<\/a>), and you can read his blog posts at <a href=\"https:\/\/cysinfo.com\" target=\"_blank\" rel=\"noopener\">https:\/\/cysinfo.com<\/a>.<\/span><\/p>\n<p>Twitter: <a href=\"https:\/\/twitter.com\/monnappa22\" target=\"_blank\" rel=\"noopener\">@monnappa22<\/a>[\/vc_column_text][\/vc_column][vc_column width=&#8221;1\/6&#8243; css=&#8221;.vc_custom_1597411551164{padding-top: 50% !important;}&#8221;][vc_single_image image=&#8221;1822&#8243; style=&#8221;vc_box_circle&#8221;][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;1\/6&#8243; css=&#8221;.vc_custom_1597411551164{padding-top: 50% !important;}&#8221;][vc_single_image style=&#8221;vc_box_circle&#8221;][\/vc_column][vc_column width=&#8221;5\/6&#8243;][vc_column_text]<span style=\"font-weight: 400\"><strong>Sajan Shetty<\/strong> is a cyber security enthusiast. He is an active member of Cysinfo, an open cyber security community (<a href=\"https:\/\/www.cysinfo.com\" target=\"_blank\" rel=\"noopener\">https:\/\/www.cysinfo.com<\/a>) committed to educating, empowering, inspiring, and equipping cyber security professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat, and his primary fields of interest include machine learning, malware analysis, and memory forensics. 
He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.<\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<style type=\"text\/css\">.thegem-button-6a2e073accb088547 .gem-button svg {fill: #ffffff;}.thegem-button-6a2e073accb088547 .gem-button:hover svg {fill: #ffffff;}<\/style><div class=\"gem-button-container gem-button-position-fullwidth thegem-button-6a2e073accb088547    \"  ><a class=\"gem-button gem-button-size-giant gem-button-style-flat gem-button-text-weight-normal\" data-ll-effect=\"drop-right-without-wrap\" style=\"border-radius: 3px;background-color: #b43836;color: #ffffff;\" onmouseleave=\"this.style.backgroundColor='#b43836';this.style.color='#ffffff';\" onmouseenter=\"this.style.backgroundColor='#ef5047';this.style.color='#ffffff';\" href=\"https:\/\/brucon0x0f-training.eventbrite.co.uk\" target=\"_self\">Buy Training Ticket<\/a><\/div> [\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][vc_empty_space][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text] Course Description This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course introduces attendees to the basics of malware analysis, reverse engineering, Windows internals and memory forensics, then gradually progresses into more advanced concepts of malware analysis &amp; memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis. 
This course consists of scenario-based&#8230;<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2722","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/2722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/comments?post=2722"}],"version-history":[{"count":7,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/2722\/revisions"}],"predecessor-version":[{"id":3420,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/2722\/revisions\/3420"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2023\/wp-json\/wp\/v2\/media?parent=2722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}