
Penetration Testing and Vulnerability Analysis - Home


Step-by-Step Reverse Engineering Malware: ZeroAccess / Max++ / Smiscer Crimeware Rootkit | InfoSec Resources
(Quick plug – to all current & future reverse engineers – check out our Reverse Engineering Training Course. We’d love to publish your work next!)
Part 1: Introduction and De-Obfuscating and Reversing the User-Mode Agent Dropper
Part 2: Reverse Engineering the Kernel-Mode Device Driver Stealth Rootkit
Part 3: Reverse Engineering the Kernel-Mode Device Driver Process Injection Rootkit
Part 4: Tracing the Crimeware Origins by Reversing the Injected Code
This four-part article series is a complete step-by-step tutorial on how to reverse engineer the ZeroAccess rootkit. ZeroAccess is also known as the Smiscer or Max++ rootkit. You can read along to gain an in-depth understanding of the thought process behind reverse engineering modern malware of this sophistication. InfoSec Institute would classify ZeroAccess as a sophisticated, advanced rootkit. At the conclusion of the analysis, we will trace the criminal origins of the ZeroAccess rootkit.

Cheat Sheet: All Cheat Sheets in one page
Sec and Infosec Related - MIT SIPB IAP 2009 Activities
IAP 2009 Class List:
Fri Jan 23, 5:00–7:00pm, 4-231. Single session event. Prereq: basic familiarity with C. C, love it or hate it, is somewhere at the foundation of most software today. Topics covered may include: function pointers; addresses of labels; using gotos safely and correctly; full for loop notation (i = 0, j = i; i < k; i++; j-=2)...; inline asm (constraints on arguments, clobbers, clones); volatile and register keywords; gcc special arguments/features (alignment constraints on variables, packed structs); macro notation (pasting, evaluation, sub-blocks). Contact: David Greenberg, W20-557, x3-7788, sipb-iap-advancedc at mit dot edu
Fri Jan 23, 3:00–5:00pm, 4-231. Canceled. Single session event. Prereq: some experience with some UNIX-like system, some programming experience. You are encouraged to bring your laptop. Web: Contact: Geoffrey Thomas, W20-557, x3-7788, sipb-iap-kernel at mit dot edu
Wed. Leave Word behind forever!

tssci security
IntroX86. Creator: Xeno Kovah @XenoKovah. License: Creative Commons: Attribution, Share-Alike. Class Prerequisites: Must have a basic understanding of the C programming language, as this class will show how C code corresponds to assembly code. Lab Requirements: Requires a Windows system with Visual C++ Express Edition. Class Textbook: “Professional Assembly Language” by Richard Blum. Recommended Class Duration: 2-3 days. Creator Available to Teach In-Person Classes: Yes. Author Comments: Intel processors have been a major force in personal computing for more than 30 years. 25% of the time will be spent bootstrapping knowledge of fully OS-independent aspects of Intel architecture. 50% will be spent learning Windows tools and analysis of simple programs. This class serves as a foundation for the follow-on Intermediate level x86 class. The instructor-led lab work will include: * Boolean logic (and, or, xor, not) * Signed and unsigned multiplication and division

Software Security - CMU
Overview: Poor software design and engineering are the root causes of most security vulnerabilities in deployed systems today. Moreover, with code mobility now commonplace--particularly in the context of web technologies and digital rights management--system designers are increasingly faced with protecting hosts from foreign software and protecting software from foreign hosts running it. This class takes a close look at software as a mechanism for attack, as a tool for protecting resources, and as a resource to be defended.
Course Design and Goals: This course first covers the state of the practice, and progressively moves toward the state of the art in research. It begins by describing and finding common vulnerabilities in programs, such as buffer overflows in C programs and SQL injection vulnerabilities against websites. We will then move towards the state of the art in research, and cover topics such as model checking, symbolic execution, taint analysis, proof-carrying code, and other topics.

Training
This section of the web site provides security training resources for infosec professionals based in or around the Northern Virginia (NoVA), DC, and MD areas. If there are any mistakes or information we should add, please let us know through our Contact Us form. For recent posts regarding this information, see the Recent Posts area below. Look for a complete list of all related posts on the Training category page.
Northern Virginia Infosec Training
Hacking Challenges: A key part of being a good infosec professional is understanding what attackers are currently doing. ShmooCon Contests: As part of the annual ShmooCon conference in Washington, DC, the organizers usually sponsor a Hack-or-Halo challenge.
Courses/Training at Conferences: SANS Training: SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats – the ones being actively exploited.

Darknet - The Darkside - Ethical Hacking, Penetration Testing & Computer Security
CS155 Computer and Network Security - Stanford Spring 2015
The course covers principles of building secure systems. We give many examples of how things can go wrong if these principles are not followed.
Administrative: Final Exam. Students may take the final at either one of the following two dates: Option 1: (scheduled) Fri., 6/5, 3:30-6:30pm. For remote SCPD students: Please email the TAs with your email address, the email address of your SCPD monitor if you have one, and which day you would like to take the exam. Previous final exams: 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.
