TT4 – Malcode & Threat Analysis

Trainers: Dr. Jose Nazario (Arbor Networks)
Capacity: 20 pax
Seats Left: 7
Duration: 2 days
Cost: (per pax) MYR3999 (early bird) / MYR4699 (non early-bird)

As the pace of challenges facing every network – and the people who have to defend them – grows, the need for more comprehensive information grows with it. When you can’t wait for AV firms and IPS vendors to provide a remedy on your timescale, you need to take matters into your own hands: “I need to protect the network, but I don’t have a lot of time or resources.”

This course is designed for information security professionals and enthusiasts who are tasked with protecting networks and businesses from a broad range of threats, and for anyone interested in learning more about the current Internet threat landscape. Students will learn how to identify new threats to their own networks and to the Internet at large, and how to protect against them.

Rather than focusing on reverse engineering and malcode dissection, we will focus on a simple approach that many people can use to quickly gather specific, usable information about threats. This course is not tool-specific; it presents a broad approach and multiple techniques that can be applied quickly to assess new threats and determine how to respond to them, using open, freely available tools to facilitate analysis. No programming or networking experience is required, but some operational experience is expected in order to get the most out of the training.

At the end of the two-day session, you should be able to:

* Detect new malware and quickly gather information about it
* Identify malicious websites and discover their attack vectors
* Identify and react to phishing attacks
* Characterize web-based attack vectors
* Analyze targeted attacks

Whom this training is for

* Network security staff
* System administrators
* People interested in learning about malcode, exploits, and targeted threats

Prerequisites

* Decent knowledge of TCP/IP
* Familiarity with Windows systems and major APIs
* Participants should bring their own laptop
* Either Windows XP or Linux is acceptable as the laptop operating system

Agenda – Day 1

i.) New malware analysis and response
ii.) WHOIS and DNS investigations
iii.) Phishing attacks

Agenda – Day 2

i.) Analyzing software vulnerability reports
ii.) Analyzing web-based attacks (JavaScript, ActiveX exploits, etc.)
iii.) Characterizing PDF and Flash attack vectors
iv.) Information management

About Jose Nazario:

Dr. Jose Nazario is the senior manager of security research at Arbor Networks. In this capacity, he is responsible for analyzing burgeoning Internet security threats, reverse engineering malicious code, software development, and developing security mechanisms that are then distributed to Arbor’s Peakflow platforms via the Active Threat Feed (ATF) threat detection service.

Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet-scale events such as DDoS attacks, botnets and worms, source code analysis tools, and data mining. He is the author of the books “Defense and Detection Strategies against Internet Worms” and “Secure Architectures with OpenBSD”.