The course will present an in-depth description of the techniques implemented in modern malware to evade defenders and security products (such as AVs, IPS, IDS, EDR), and how attackers design and operate their implants in order to ensure a prompt redeployment after a detection or a public disclosure by researchers or security vendors.
The course will also cover real-world scenarios that impair (effectively slow-down or dissuade) reverse engineering efforts and make the job of first responders tougher. The techniques will be demonstrated in two ways: first, by reversing real malware samples, and then by reimplementing an improved version of the malware code and developing custom offensive tools. The training is designed from an attacker's point of view, teaching red-teams how to make their implants stealthier, but it will also teach defenders how to deal with the anti-reversing and the OPSEC techniques demonstrated in class.
The course focuses primarily on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques.
As part of the course, theory sessions will be followed by exercises where participants will reverse and re-implement specific parts of real malware in order to fully understand the hidden corners of all the techniques involved.
Dr. Silvio La Porta is a Senior Cyber Security Architect designing security products and researching advanced detection technology for complex malware/APT. Silvio previously was a lead research scientist with EMC Research Europe based in the Centre of Excellence in Cork, Ireland. His primary research focus areas were real-time network monitoring and data analysis in smart grids to detect malware activity in SCADA systems and corporate networks. He was also leading Security Service Level Agreement (Sec-SLA) and end user security/privacy protected data store projects for hybrid Cloud environment. He is a frequent speaker in professional and industry conferences. Before joining EMC, Silvio worked as a Malware Reverse Engineer in Symantec’s Security Response team in Dublin, Ireland. Silvio holds a PhD in Computer Network Security from the University of Pisa, Italy.
Dr. Antonio Villani spent the past years analyzing high level implants for top tier customers, providing detailed implementation information to support cyber-defense and cyber threat intelligence teams. Now, he uses his experience in the reverse-engineering of multi-stage implants to improve detection and response capabilities of endpoint security products. As a researcher he published in top tier conferences and journals and he partecipated to european research projects in the field of cyber resilience and data security. During its PhD he worked also in the field of malware research and digital forensic.