Today, as part of the C-Days Conference, I attended a very interesting workshop on reverse engineering of malware, presented by a member of CERT.PT (Computer Emergency Response Team), part of the Portuguese National Cybersecurity Centre.
Description
This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS, and PowerShell. Aimed at cybersecurity technicians, it ranges from static and behavioral analysis to manual deobfuscation techniques using Python. The objective is to enable participants to identify and analyze these threats and collect their IoCs, so that they can mitigate what is one of the most common types of malware used as an entry vector to compromise organizations.
Contents
- Static string analysis with strings, pestr and FLOSS
- Execute and deobfuscate JavaScript using SpiderMonkey
- PowerShell deobfuscation and debugging with CyberChef and PS IDE
- Capturing malware events by tracing AMSI
- Layout and data deobfuscation using Python