Workshop – Reverse Engineering of Malicious Scripts on Windows

Today, as part of the C-Days Conference, I attended a very interesting Workshop, related to reverse engineering of malware, presented by a member of CERT.PT (Computer Emergency Response Team), part of the Portuguese National Cybersecurity Centre.

Description

This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS, and Powershell. Aimed at cybersecurity technicians, this workshop ranges from static and behavioral analysis to manual deobfuscation techniques using Python. The objective is to enable participants to identify, analyze and collect IoCs of these threats, thus enabling them to mitigate what is one of the most common types of malware used as an entry vector to compromise organizations.

Contents

  • Strings static analysis with strings, pestr and FLOSS
  • Execute and deobfuscate JavaScript using SpiderMonkey
  • Powershell deobfuscation and debugging with Cyberchef and PS IDE
  • Capturing malware events by tracing AMSI
  • Layout and Data deobfuscation using Python

Certificate of participation.

Workshop CSIRT-in-a-box

Today I attended the online Workshop CSIRT-in-a-box, as part of the CSecurity 2024, a Cybersecurity Conference.

It was an interesting presentation, mentioning the process and some tools related to setting-up a CSIRT (Cyber Security Incident Response Team).