Enterprise businesses need malware analysts

True cybersecurity experts must be skilled at reverse engineering. Prior to SAS, Nico Brulez will hold a corresponding training session.

Most modern enterprise-level companies understand the menace of cyberthreats to business. Some of them have tried to solve cybersecurity problems with the help of system administrators and security software, but today more and more companies have realized the need for in-house experts and even security operation centers (SoCs).

One of the reasons more businesses are coming around is that modern attacks on business infrastructure are now carried out by atypical means. Attackers thoroughly develop their operations and sometimes write unique malicious code for each attack. This creates several problems with identification and protection from attacks, and, worse, it seriously complicates investigation. But to protect a company’s data, or at least to minimize the harm caused by an attack, sometimes you need to conduct a full analysis of the malicious code without delay.

That is why true cybersecurity experts must be skilled at, among other things, reverse engineering of malicious code. And they need not only theoretical knowledge, but also practical skills, that can be obtained by the analysis of real malware used in targeted attacks. Of course, information of that kind is not easy to come by, but we know one place where you can find it: the annual Security Analyst Summit, which will take place this year in early April in St. Maarten.

Prior to the conference, our experts will hold several training sessions, including a malware reverse engineering course. The trainer is Nico Brulez, principal security researcher on Kaspersky Lab’s Global Research & Analysis Team (GReAT).

The class is intended for students who have worked with malware and done reverse engineering already. Professionals doing forensics investigations, incident response, or malware analysis can benefit from the course as long as they have the prerequisites. It will be held from March 30 to April 2, the four days preceding the conference.

During the first day, students will focus on unpacking files manually to get working executables. Most popular packers will be covered to introduce various techniques that can be used on unknown packers — aka, How to unpack properly.

The second day focus on extracting shell codes from malicious documents and to reverse-engineer them statically. It focuses on tricks and shortcuts to use in IDA Pro for efficient static analysis, as well as introduction to IDA Python scripts used to speed up static reverse engineering.

On days three and four, students will work on several APT samples using the information learned in the first two days. Their goal will be to identify the actions of the threats, to be able to document their features and understand how they interact with C&C servers to receive commands.

A more detailed description of the training and the requirements for students can be found here. Everyone who signs up for this training will receive a 50% discount on visiting the SAS conference. You may enroll through this website or by sending a note to sas2017@kaspersky.com with the promo code 50SASPASS. Please note that seats are limited.

Tips