Workshop – Reverse Engineering of Malicious Scripts on Windows

Today, as part of the C-Days Conference, I attended a very interesting Workshop, related to reverse engineering of malware, presented by a member of CERT.PT (Computer Emergency Response Team), part of the Portuguese National Cybersecurity Centre.

Description

This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS, and PowerShell. Aimed at cybersecurity technicians, this workshop ranges from static and behavioral analysis to manual deobfuscation techniques using Python. The objective is to enable participants to identify, analyze and collect IoCs of these threats, thus enabling them to mitigate what is one of the most common types of malware used as an entry vector to compromise organizations.

Contents

  • Strings static analysis with strings, pestr and FLOSS
  • Execute and deobfuscate JavaScript using SpiderMonkey
  • PowerShell deobfuscation and debugging with CyberChef and PS IDE
  • Capturing malware events by tracing AMSI
  • Layout and Data deobfuscation using Python

Certificate of participation.

Heading to C-Days 2024, Cybersecurity conference!

It's next week that C-Days 2024, the biggest Cybersecurity conference in Portugal, organized by the Portuguese National Cybersecurity Centre, will happen in Coimbra, Portugal, on the 18th, 19th and 20th of June!

Under the theme of “More Prevention”, this event marks the 10 years of the Portuguese National Cybersecurity Centre, and there will be a talk “looking back” at the past and looking forward towards the future of the organization.

I’m also particularly interested in the “Reverse Engineering Malicious Scripts on Windows” Workshop, presented by Duarte Mortágua from CERT.PT!

I’m already registered for the conference, and looking forward to it!
Anyone interested can register at the official website:
www.c-days.cncs.gov.pt