
Dec 21, 2015

Malware Analysis Training Course at Security Camp Japan 2015

Hi, this is You 'Tsuru' Nakatsuru again from the Analysis Center.

This past summer, I joined “Security Camp 2015” in Japan as a trainer for a malware analysis training course. The camp was held for students aged 22 and under living in Japan, with the aim of discovering top young talent.

This blog entry introduces the malware analysis training materials that I used at Security Camp 2015, listed below.

Malware Analysis Training Materials for Security Camp Japan 2015
Published Date | Title | File | PGP Signature
2015-09-10 | "10-D: Understanding Malware" (You Nakatsuru, Analysis Center, JPCERT/CC) | 3.23MB, Digitally Signed | PGP Signature
2015-09-10 | "13-D, 14-D: Understanding Malware" (You Nakatsuru, Analysis Center, JPCERT/CC) | 974KB, Digitally Signed | PGP Signature
2015-09-10 | "Understanding Malware Exercises" (You Nakatsuru, Analysis Center, JPCERT/CC) | zip, 1.08MB | PGP Signature

Understanding Malware

My course covered 6 hours of the 5-day Security Camp. As you may know, malware analysis requires knowledge of a variety of areas, such as operating systems and networks, and you also need to know how to create a safe analysis environment and how to use various tools. However, because it is difficult to cram everything into a limited course, I focused mainly on one of the popular topics at Security Camp: “Static analysis method (Reverse engineering).” Static analysis is a method of reading the code in the malware. It is more difficult and time-consuming than other analysis methods, but it can reveal more details of malware behavior.

The training course consisted of 2 parts:

  • First half (2 hours)

I explained the basics of the current state of malware and analysis methods, followed by the basics of static analysis (assembly language, efficient ways to read code, etc.) in a hands-on style.

  • Second half (4 hours)

Trainees read malware code on their own, while I explained the knowledge required to actually analyze malware, such as Windows mechanisms and techniques used by malware.

The course aimed to help the trainees properly understand malware, master the static analysis method, recognize the challenges in malware analysis, and use that knowledge and those skills in the future. All the course materials were compiled in English, as JPCERT/CC has various opportunities to conduct training abroad.

The Security Camp had a few Japanese students as young as junior high school age, and it may have been a bit of a challenge for them to study malware analysis, which requires advanced technical skills, in English. Even so, the trainees earnestly worked through the code and were able to find out the actual behavior of the malware. At the end of the course, there was positive feedback such as “The course was informative,” “It was difficult but fun,” and “I hope to be able to read and understand codes more,” and I am happy to have been able to contribute to the future of the trainees.

In Closing

The course materials have been published in the hope that they will also be useful for anyone who has an interest in malware analysis. We would highly appreciate your comments or feedback on the materials. Please contact aa-info@jpcert.or.jp.

Thank you.

- You Nakatsuru


Reference

Security Camp Japan 2015: Information-technology Promotion Agency, Japan (IPA) (Japanese only)

https://www.ipa.go.jp/jinzai/camp/2015/zenkoku2015.html


Security Camp Executive Committee (Japanese only)

http://www.security-camp.org/camp/index.html