Christopher Kiefer

Minneapolis, Minnesota, United States
548 followers 500+ connections

About

With a deep-rooted commitment to cybersecurity, my recent role at Symantec empowered our…

Education

  •
    SANS Technology Institute

    -

    1) Malware Analysis Basics
    2) Reversing Malicious Code
    Understanding x86 assembly
    Windows API used for registry, keylogging, HTTP, droppers
    x64 code analysis

    3) Malicious Web and Document Files
    Interacting with malicious websites
    De-obfuscating malicious JavaScript
    Examining malicious Microsoft Office documents, including files with macros
    Analyzing malicious RTF document files

    4) In-Depth Malware Analysis
    Unpacking code
    Debuggers for dumping packed malware from memory
    Analyzing file-less malware
    Code injection and API hooking

    5) Examining Self-Defending Malware
    How malware detects debuggers and protects embedded data
    Unpacking malicious software that employs process hollowing
    Handling code misdirection techniques, including SEH and TLS Callbacks

    6) Malware Analysis Tournament
    Behavioral malware analysis
    Dynamic malware analysis (using a debugger)
    Static malware analysis (using a disassembler)
    JavaScript de-obfuscation
    PDF document analysis
    Office document analysis
    Memory analysis

  • -

    1. Common Network Protocols.
    2. Encryption and Encoding.
    3. NetFlow Analysis and Attack Visualization.
    4. Network Analysis Tool and Usage.
    5. Network Architecture.
    6. Network Protocol Reverse Engineering.
    7. Open Source Network Security Proxies.
    8. Security Event and Incident Logging.
    9. Wireless Network Analysis.

  • -

    I. Identification of Malicious System and User Activity

    II. Incident Response in an Enterprise Environment

    III. Incident Response Process and Framework

    IV. Timeline Artifact Analysis

    VI. Timeline Collection

    VII. Timeline Processing

    VIII. Volatile Artifact Analysis

    IX. Volatile Data Collection

    X. Windows Filesystem Structure and Analysis
    The candidate will demonstrate an understanding of core Windows filesystems, and the ability to identify, recover, and analyze evidence from any file system layer, including the data storage layer, metadata layer, and filename layer.

    XII. Windows System Artifact Analysis
    The candidate will demonstrate an understanding of Windows system artifacts and how to collect and analyze data such as system back up and restore data and evidence of application execution.

  • -

    Activities and Societies: packet ninja.

    APPLICATION PROTOCOLS
    app layer dissection & analysis including HTTP, SMTP, and Microsoft protocols

    CONCEPTS OF TCP/IP AND THE LINK LAYER
    TCP/IP comm. model and link layer operations

    DNS
    legitimate vs. malicious

    FRAGMENTATION
    concepts behind fragmentation-based attacks

    IDS FUNDAMENTALS AND INITIAL DEPLOYMENT
    architecture, benefits/weaknesses, and config options

    IDS RULES
    Create effective IDS rules

    IP HEADERS
    dissect IP packet headers and analyze: normal vs. anomaly

    IPV6
    analyze IPv6; issues involving IP6 over IPv4

    NTWK ARCHITECTURE AND EVENT CORRELATION
    IDS/IPS management issues, network architecture wrt intrusion detection, and event correlation

    NTWK TRAFFIC ANALYSIS AND FORENSICS
    analyze real traffic and associated artifacts: malicious vs. normal; discern malicious from FP

    PACKET ENGINEERING
    packet engineering & manipulation: packet crafting, OS fingerprinting, and IDS Evasion/Insertion

    TCP
    TCP expected responses to given stimuli

    TCPDUMP FILTERS
    craft tcpdump filters

  • -

    AJAX
    AJAX technology and its known weaknesses

    Automated Web Application Vulnerability Scanners
    automated tools used to find web application vulnerabilities and their distinguishing features.

    Cross Site Scripting and Attack Frameworks
    XSS attacks and XSS attack frameworks

    Programming Fundamentals
    Javascript with Ajax, and Python

    Reconnaissance
    techniques used for reconnaissance

    Scanning and Mapping
    mapping and scanning web applications and servers: port scanning, identifying services and configurations, spidering, application flow charting and session analysis.

    Session Tracking and SSL
    session tracking and SSL/TLS use in web comms.; attacks that can leverage flaws in session state

    SQL Injection
    perform SQL injection attacks; identify SQL injection vulnerabilities in applications

    Understanding the Web and HTTP
    web applications & architecture; thorough comprehension of HTTP

    Web App Pen Test Methodology and Reporting

  • -

    BROWSER FORENSICS

    DIGITAL FORENSICS FUNDAMENTALS
    forensic methodology, key forensics concepts, and identifying types of evidence on current Windows OS.

    EVIDENCE ACQUISITION, PREPARATION AND PRESERVATION
    evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques.

    FILE AND PROGRAM ACTIVITY ANALYSIS
    how Windows registry, file metadata, memory, and filesystem artifacts can be used to trace user activities on suspect systems

    LOG ANALYSIS
    various types of Windows event, service and application logs, and the types of information they can provide.

    SYSTEM AND DEVICE PROFILING AND ANALYSIS
    Windows registry structure, and how to profile Windows systems and removable devices.

    USER COMMUNICATIONS ANALYSIS
    forensic examination of user communication applications and methods, including host-based and mobile email applications, Instant Messaging, and other software and Internet-based user communication applications.

  • -

  • -

    The study of problem solving on computers. Utilize the power of computers in the problem solving process while dealing with the constraints of computers.

    computer architecture, programming languages, computer networking, database systems, information management, and numerical analysis.

    theoretical foundations of computer science and practical applications. Algorithms, data structures, software design, the concepts of programming languages, computer organization, and computer architecture.

    applications programming, system analysis, and software engineering

Licenses & Certifications

Courses

  • A+

    -

  • Advanced Open Source Intelligence Collection

    -

  • CCNA

    -

  • Computer Forensics Examiner

    FOR408

  • GCIA

    SEC503

  • Network+

    -

  • Reverse-Engineering Malware: Malware Analysis Tools and Techniques

    FOR610

  • Security+

    -

  • Web Application Penetration Testing and Ethical Hacking

    SEC542
