Prerequisites for Attendees:
1) Laptop with 8 GB RAM
2) VirtualBox or VMware (only if running Linux in a VM)
3) Working Ubuntu 19.10 installation (either host or VM)
4) Latest versions of the GCC compiler suite, GDB and GNU Make (install from the official repositories)
5) Qt Creator or any other IDE


->Attendees should be comfortable with the fundamentals of C and C++ (conditionals, loops, functions, parameters, classes, structs, OOP, pointers, file I/O). A basic understanding of assembly will be helpful but is not strictly required (the basics will be covered as they are needed).



->Workshop Date: FEBRUARY 29, 2020

->Workshop Duration: 8 Hours


About Trainer

Mr ADHOKSHAJ MISHRA

is a mostly self-taught technologist who has been interested in computers since early childhood. He currently works in the field of information security (cryptology and malware, to be precise).





About Course

In this course, the following topics will be covered:


TOPICS

    0) Why study malware techniques?

    1) Quick walk through Linux internals
    • a) Processes and process management
    • b) Threads
    • c) Procfs
    • d) Shared objects
    • e) ELF format
    • f) ELF loader

    2) Injection techniques
    • a) Controlling the ELF loader
    • b) Overriding the ELF loader
    • c) Injecting a shared object
    • d) Injecting native code

    3) Hooking techniques
    • a) Function hooking
    • b) Parameter poisoning
    • c) Hooking POSIX calls

    4) Anti-debugging techniques
    • a) Detecting the presence of a debugger
    • b) Preventing debugging

    5) Persistence techniques
    • a) User-level persistence
    • b) System-level persistence

    6) Anti-reversing techniques
    • a) Encoded payload
    • b) Encrypted payload
    • c) Overlapping machine code

    7) Self-debugging code
    • a) Ptrace
    • b) Tracing a process
    • c) Setting breakpoints
    • d) Handling debugger events
    • e) Controlling the target process

    8) Countermeasures