PenTest Magazine | Malware

PenTest Magazine | The Implication of Malware in Penetration Testing Workshop

2
By the the end of this WORKSHOP, you will:
Understand the mechanisms that malwares employ to
exploit the local OS vulnerabilities
Be able to establish their command and control server,
managing to obtain full control on the conquered victims
device.
The Implication of
Malware in Penetration
Testing Workshop
YOUR INDIVIDUAL TUTOR:
Massimiliano Sembiante is an Author and an Independent
Security Researcher at RIFEC Security (Research
Institute of Forensic and E-Crimes) focusing on: Stealth,
polymorphic and armored malware, reverse engineering,
digital forensic, investigating new attack vectors,
advanced approaches to bypass protection mechanisms,
new intrusion methodologies, antivirus adaptation and
detection avoidance, sandbox, Pen-Test, BotNet analysis,
code exploitation and corruption, vulnerability and bugs
discovery, tools and scripts development.
Massimiliano holds a Master Degree in Computer Security
from the University of Liverpool (UK). He has more than
20 years background in Information Technology, covering
multiple roles and responsibilities for customers such
as: Governments, Military, Enterprise and Corporations,
Financial institutions, Power and Telecommunication
companies. During the last 8 years, Massimiliano has been
employed at UBS Bank, working with the global security
and risk team as an IT Security and Risk Expert.
Malware | PenTest Magazine
The Implication of Malware in Penetration Testing Workshop | PenTest Magazine
3
We will present extensive and novel knowledge of Malware techniques and describe its
practical methods and procedures from both perspectives: Defense and Attack.
In this workshop, we are going to:
Discuss the malicious codes and look peering through the Penetration testing that are
closely related,
Uniquely focus on how we can analyze the malicious codes to understand how to
efficiently & in a timely manner detect the rogue applications and how they can infect a
system,
Focus on how those codes propagate themselves inside the victims system bypassing
the system-employed computer and network protections and how they communicate
through the network, creating the so called BotNets.
Furthermore:
We will do an extensive review on the mobile malwares that target Android and IOS
operating systems.
Ultimately, this workshop will initially provide you with:
A strong overview of the most common and effective protection methodologies and
their practical applications,
Explanation on how a malware can defeat and bypass all the efforts and smartness
being used to maintain security in the victims system.
This training attempts to simulate a full realistic Penetration Testing using Malware
experience by exposing the students to diverse and practical system environment.
If you are interested in exposing yourself to a diverse and a practical experience in
the field, Hurry Up and subscribe for our workshop to start your challenging career
experience in Penetration Testing!!!
Workshop Prerequisites
The minimum prior knowledge required for your success in this workshop is as follows:
Computer Security knowledge (Advanced level)
Programming and Development (Basic level)
Operating Systems (Admin level)
Networking (Basic level)
Want to learn enthusiastically in a way that will grow and challenge your career in the
Penetration Testing field and defeat any learning difficulties
THIS WORKSHOP:
Is designed to PURELY MEET THE PRACTICAL EXPERIENCES in the penetration
testing field that are currently essential for security auditors and researchers,
Is especially designed and compacted for those who are in need of acquainting
themselves with the unique world of Malware in penetration testing.
PenTest Magazine | Malware
PenTest Magazine | The Implication of Malware in Penetration Testing Workshop
4
What will you learn in This Workshop?
The workshop will run for four consecutive weeks (four modules); each has specific
topics and materials to cover. By the end of each module, students will have to take a
challenging test to assess their understanding of the topics covered in each module.
The modules are organized in a way that ensures the best understanding of the whole
topic. Below are the modules:
Week 1
Introduction
Malware history
Definitions and classifications
Propagation and Infection
Malware identification
Current protection architectures (Antivirus, firewall, IDS etc)
Malware attack vector
Test
Week 2
Virus Compiled, Interpreted, Resident and Non-resident
Obfuscation Techniques
Malware analysis 1 (Trojans, Worms, Sypwares, keyloggers, backdoors)
Malware analysis 2 (RootKit, Ransomware, Botnet)
Virtualization Malwares
Examples (Stuxnet, Ransomware, Cryptolocker, etc)
AV Evasion techniques
Exploit-as-a-Service
Test
Week 3
Mobile Devices threat
Malware Analysis on Android part 1
Malware Analysis on Android part 2
Malware Analysis on IOS part 1
Malware Analysis on IOS part 2
Mobile device assessment and penetration Test
Mobile Device Threats, Policies, and Security Models
Test
Week 4
Penetration Test Methodologies (focus will be on Malwares)
Network analysis and malwares
Local threat analysis
Honeypot and malware detection
Infection evaluation with Sandbox
Creating and using Malware for Pen-Test purposes
Metasploit Framework Attack and Defense (using Malware)
Future trends
Final Test