Part 2: A Gentle Introduction into Malware Analysis

Date: Sunday, December 1
Time: 6:00 pm – 9:00 pm
Location: S302

As mentioned in the previous email, we have our 2nd Malware Analysis workshop with Jason and Ken on Sunday! This workshop will offer a quick introduction to assembly and disassembly in the context of Malware Analysis. After a brief intro to assembly concepts, it will dive straight into hands-on examples. Participants will get to reverse engineer very simple programs (none of them malicious) and then more complicated crackmes. We’ll talk about code constructs, the stack, function calls, etc. Basic knowledge of C will be helpful.

Tools and General Requirements

A Linux machine is necessary. We will also be running exercises on the Windows machine that we provided last time.

Binaries for the exercises will be provided in a .zip and the associated source code will be uploaded to GitHub. Any other crackmes will be provided.

Please set up the virtual machine beforehand, as we will not wait for those who are not prepared. Unlike last time, it is a simpler setup.

VirtualBox VM: https://drive.google.com/open?id=13vLxF8m4fFjgVEOw_u_BGza2AXPySEAc

Take-Home Resources

Reverse Engineering for Beginners (FREE!): https://beginners.re/
Linux Syscalls: https://syscalls.kernelgrok.com/
GEF Cheat Sheet: https://github.com/zxgio/gdb_gef-cheatsheet/blob/master/gdb_gef-cheatsheet.pdf
IDA Basics: https://resources.infosecinstitute.com/basics-of-ida-pro-2/#gref

Meeting on November 29

Date: 2019-11-29
Time: 19:00 – 20:35
Location: Room J102, Sheridan Trafalgar Campus, Oakville

Rough Agenda:
19:00 – Announcements with Louai
19:05 – News Roundup with Nick and Adam
19:25 – Rick’s Random Repo Rundown
19:35 – Project Den: Beginnings of a Home Lab by Talah Javaid
20:00 – Guest Speaker Anton Ovrutsky on Windows Security
20:35 – Wrap-up and refreshments (across the street at the pub)

Time to explain what’s in this meeting.

What do you get when you mix a burning desire to be lazy with some tools? Talah Javaid (aka @Pure Harami (Talah))! Talah Javaid will be running our #projectden for the evening, talking about setting up a home lab to make your life a whole lot easier. Learn how to set up a network-wide ad blocker, an automatic downloader for new shows, and a home camera system!

To close our meeting, we have Anton Ovrutsky coming in to give a gentle introduction to Windows Security. Anton Ovrutsky is a senior security specialist at Equitable Life Insurance. Anton is also a previous BSides Toronto speaker, C3X volunteer, and an OSCE, OSCP, CISSP, and CSSP certificate holder. Anton’s interest is in Windows security, mainly from a defensive standpoint. His talk will focus on the main attack surfaces and the methodology to help you get started in this awesome field.

For those of you still interested in workshops, Jason Hong and Kenan Onuralp’s ‘Introduction to Malware Analysis Part Two’ will be held on Sunday. The workshop was originally scheduled for this Wednesday, November 27th, but we have decided to push it to Sunday.

We hope you enjoy the last ISSessions of the year with us. See you there!

Limited Space Workshop Soon!

This is a reminder that our next workshop is “Introduction to Red Teaming” by Mr. Benjamin Mahar, who is the Director of Advisory at Security Compass. Ben will walk students through a series of hands-on exercises covering the red teaming process, from initial access to full network compromise, in a practice environment.

As per our usual meetings, it will take place at…
Location: Room J102
Time: Saturday, Nov 23, 9:30AM – 5:30PM

Prerequisites:
This is an advanced workshop. While the tools themselves are not complex, the underlying concepts can be quite daunting for beginners. You will need to have a good understanding of:

  • Networking (TCP/IP, IP routing, VPNs, network scanning, OS fingerprinting, proxies)
  • Windows (RDP, Scheduled Tasks, Registry, CMD, DLLs, WMI, etc.)
  • Basic JavaScript (Event Listeners, XMLHTTPRequest, Browser Profiling)
  • Basic Cryptography (Public & Private Keys, Certificates, etc.)
  • nmap
  • Metasploit, Meterpreter, Searchsploit
  • OpenVPN

Requirements:

  1. Download and install Kali Linux in a VM
  2. Open a terminal and run: sudo apt-get update && sudo apt-get upgrade
  3. (Optional) We also strongly suggest you play with nmap and Metasploit before the workshop. Cheat sheets may be provided to the best of our ability.

IMPORTANT NOTES:

If the prep work is not completed, you will NOT be allowed to participate. As such, please come prepared.

We will be opening up 40 seats for this workshop. Given the amount of knowledge required, we will be restricting the number of tickets allocated to first-year students to 8. Tickets will be available (for free) on Eventbrite. If you are a first-year student, ensure you select “First Year Admission”. Otherwise, select “Upper Year/Alumni Admission.” We will be checking OneCards/IDs at the door to verify your year. Tickets are first come, first served. They will be released at 11:30AM Monday morning.

Please use the following link to sign up for the workshop.
iss-redteam sign up