In this awesome presentation, Monnappa KA explained the details of the Ghost RAT malware used in various cyber espionage attacks. He showcased the sandbox analysis, the traffic pattern, and decrypting the communications of Ghost RAT from a packet capture. He also demonstrated both manual and automated methods of detecting and decrypting the communications of Ghost RAT using memory […]
Category: Security Tools
SX 2nd Meetup – Reversing and Decrypting
In this awesome presentation, Monnappa explained the Etumbot malware used in a cyber espionage attack. He showcased the sandbox analysis, reverse engineering, and decrypting the communications of the Etumbot backdoor using practical video demonstrations.
Presentation:
Video Demo 1:
Video Demo 2:
Video Demo 3:
References:
http://www.arbornetworks.com/asert/2014/06/illuminating-the-etumbot-apt-backdoor/
http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html
Session 11: (Part 2) Dissecting the Hear...
This is an advanced session demonstrating various features of the HeartBeat APT RAT. Kindly check the reference section at the end of the presentation for more details.
Session 10: (Part 1) Reversing & Decrypt
This session illustrates the secrets of the HeartBeat RAT by reversing and decrypting its internal communication mechanism.
Session 9: Malware Analysis using PyMal ...
PyMal and Malpimp are two tools we developed to accelerate the analysis process. This session demonstrates the use and purpose of both tools.
Session 5: Reverse Engineering Automatio...
This is one of the most important sessions. We highly recommend using the tools and plugins discussed in this session. Check the reference section for more information.
Session 1: Detection and Removal of Malw...
This session will introduce you to some tools and tricks to identify and remove malware from an infected system. Check the reference section for more information.
Session 5 – Reverse Engineering Basics a
Some tools like OllyDbg, IDA Pro, etc. are a little complex and may not make much sense at first. The most important part of reverse engineering is to deeply understand your tools. 50% of success depends on the tools and the rest on your knowledge and experience. Check the help files (for example: ollydbg […]
Session 3 – Windows PE File Format Basic
This session is one of the most important sessions of the entire course. The PE file format is the Windows executable file format, and a very good understanding of it will allow you to understand more advanced concepts such as packers and loaders. Check the reference section for additional papers and books.
Session 1 – Reversing & Malware Analysis
This session will guide you in preparing your lab for malware analysis. Don’t forget to check the reference links to download the tools.