$3,000

Advanced Windows Implant Development & Detection

Event Information

Date and Time

Location

National Convention Centre Canberra

31 Constitution Avenue

Canberra, ACT 2601

Australia

Refund Policy

Contact the organiser to request a refund.

Eventbrite's fee is nonrefundable.

Event description
This course teaches students how to detect novel/bespoke memory-resident malicious code on modern Microsoft Windows platforms.

About this Event

Traditionally, learning to successfully and reliably detect non-trivial malicious artefacts within Windows memory has been considered onerous, and regarded as within the reach of only the most seasoned and experienced analysts.

At its core, ‘Advanced Windows Implant Development & Detection’ is a course that teaches students how to detect novel/bespoke memory-resident malicious code on modern Microsoft Windows platforms using reasoning from first principles. This course approaches the topic using a development framework, enabling students to ‘think like an adversary’ and/or ‘think like a system developer’. Doing so establishes a foundation upon which detection analysis using a Cartesian doubt methodology can be applied.

At a high level, by the end of the course students will have achieved the following outcomes:

  • Developed a non-trivial Windows implant in C;
  • Inspected and understood the implant’s execution in memory using WinDbg;
  • Deployed and controlled the implant in a remote environment; and
  • Detected and dissected the implant from within a memory capture of the infected environment using a custom Volatility plugin.

Instructor Bio:

Christian (@int3rrupt) is a senior intrusion analyst and advanced persistent threat hunter for a leading international cyber security company. He is also the author and lecturer of the University of New South Wales ‘Digital Forensics’ course, which is part of their Cyber Security Masters program. Previously, Christian was employed by the Australian Signals Directorate, in both technical and leadership roles. He has extensive experience in threat hunting, digital forensics, incident response, malware analysis and cyber counterintelligence.

Christian is keenly interested in operating system internals, and understanding the implementation of implants and binary toolkits. Simply, he just likes to know how things work on the inside. He is an advocate of analysis via first principles, assertions founded in hard evidence, and encouraging analysts to write their own tools.
