Malware Analysis Track
Incident response malware analysis has significantly different goals than long-term malware analysis. This track will provide the student with a base of knowledge for incident response malware analysis. During an active incident, the response team must have the ability to quickly and confidently describe the technical scope of the incident. Participants will return home with the skills necessary to rapidly produce useful, actionable information that can improve detection and hunting capability on your wires or in your hosts. The track will create the self-reliance necessary to generate, deploy, and share high-confidence detection rules to improve the defense and awareness of NNSA, DoE, and the entire Federal Government. It will cover the basics of navigating Windows API calls, program logic, and x86 byte code on Windows platforms to recognize patterns useful for creating detection rules. This track is for incident responders, taught by incident responders.
- Laptop running VMware Workstation, at least version 9 (VMware Fusion on the Mac is fine).
- Fully configured VMware Workstation Windows 7 virtual machine (an XP image will work as well, but the class is designed around Windows 7). You must have administrative privileges and be able to completely disable or remove AV on all machines.
If you bring a system with VirtualBox, VMware ESX Server, or anything that is not VMware Workstation be aware that some (possibly all) of the labs might have problems.
Copies of free tools such as OllyDbg, the Sysinternals tools, etc. Students will also be given a virtual machine and various free software that the class author(s) have written.
TracerFIRE 5 Overview
Tracer FIRE 5 will be held entirely online. We recommend setting up dedicated space for participants at your site, so that they may focus on the training and exercise, away from their normal work environment.
Larger "regional hubs" are being established in key cities for participants to congregate. Information about hubs will be emailed to you after you register.