FireEye – Mandiant Malware Analysis Crash Course 26-27 June 2017 @ Exclusive Networks
Jun 26 @ 09:00 – Jun 27 @ 17:00
FireEye - Mandiant Malware Analysis Crash Course 26-27 June 2017 @ Exclusive Networks | Duffel | Vlaanderen | Belgium

Price: €2000 excl. VAT
Date: 26 & 27 June
Duration: 2 Days
Timing: 9h00 – 17h00
Location: Exclusive Networks

OVERVIEW
This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Students will learn how to find the functionality of a program by analyzing disassembly and by watching how it modifies a system and its resources as it runs in a debugger. Students will learn how to extract host and network-based indicators from a malicious program. Students will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and hands-on labs with real malware where the students practice what they have learned.

What You Will Learn:

  • Hands-on malware dissection
  • How to create a safe malware analysis environment
  • How to quickly extract network and host-based indicators
  • How to perform dynamic analysis using system monitoring utilities to capture the file system, registry, and network activity generated by malware
  • How to debug malware and modify control flow and logic of software
  • To analyze assembly code after a crash course in the Intel x86 assembly language
  • Windows internals and APIs
  • How to use key analysis tools like IDA Pro and OllyDbg
  • What to look for when analyzing a piece of malware
  • The art of malware analysis – not just running tools

WHO SHOULD TAKE THIS COURSE
Software developers, information security professionals, incident responders, computer security researchers, puzzle lovers, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in performing malware analysis.

STUDENT REQUIREMENTS 

  • Excellent knowledge of computer and operating system fundamentals
  • Computer programming fundamentals and Windows Internals experience is highly recommended

WHAT STUDENTS SHOULD BRING
Students must bring their own laptop with VMware Workstation, Server, or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space. A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

WHAT STUDENTS WILL BE PROVIDED WITH

  • A student manual
  • Class handouts
  • Mandiant gear
  • Lunch and drinks
FireEye – Mandiant Enterprise Incident Response Course 28-30 June 2017 @ Exclusive Networks
Jun 28 @ 09:00 – Jun 30 @ 17:00
FireEye - Mandiant Enterprise Incident Response Course 28-30 June 2017 @ Exclusive Networks | Duffel | Vlaanderen | Belgium

Price: €3000 excl. VAT
Date: 28, 29 & 30 June
Duration: 3 Days
Timing: 9h00 – 17h00
Location: Exclusive Networks

OVERVIEW
This intensive three-day course is designed to teach the fundamental investigative techniques needed to respond to today’s landscape of threat actors and intrusion scenarios. Updated yearly to reflect the latest in forensics and intrusion techniques, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of attack evidence, and the forensic analysis knowledge required to analyze those sources. Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, develop indicators of compromise to further scope an incident, and much more.

COURSE DESCRIPTION
The course is composed of the following modules, with labs included throughout the instruction.

  • The Incident Response Process – An introduction to the targeted attack life cycle, initial attack vectors used by different threat actors, the stages of an effective incident response process, and remediation.
  • Acquiring Forensic Evidence – A basic overview of the most common forms of endpoint forensic evidence collection, and the benefits and limitations of each.
  • Introduction to Windows Evidence – An overview of the key sources of evidence that can be used to investigate a compromised Windows system, including the NTFS file system, Prefetch, web browser history, event logs, the registry, memory, and more.
  • Persistence
  • Investigating Lateral Movement – An in-depth analysis of how attackers move from system to system in a compromised Windows environment, the distinctions between network logons and interactive access, and the resulting sources of evidence on disk, in logs, and in the registry.
  • Hunting – How to apply the lessons learned from the previous modules to proactively investigate an entire environment, at scale, for signs of compromise.
  • Investigating Web Application Attacks – This module focuses on how to analyze web logs to recognize and interpret common attack techniques.



WHO SHOULD TAKE THIS COURSE
This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage breached systems. The content and pace are intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments and penetration testing, or security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams, or those in roles that require oversight of forensic analysis and other investigative tasks.
STUDENT REQUIREMENTS
Students must have a working understanding of the Windows operating system, file system, registry, and use of the command line. Familiarity with Active Directory and basic Windows security controls and common network protocols is also beneficial.

WHAT STUDENTS SHOULD BRING
Students must bring their own laptop with VMware Workstation, Server, or Fusion installed (VMware Player is acceptable, but not recommended). Laptops should have at least 20GB of free space.

A licensed copy of IDA Pro is highly recommended to participate in ALL labs, but the free version can be used in most cases.

WHAT STUDENTS WILL BE PROVIDED WITH

  • A student manual
  • Class handouts
  • Mandiant gear
  • Lunch and drinks

FireEye Training & Workshops