Instructor(s): Anthony Lai and Matt Brooks
This dojo is a crash course in basic- and intermediate-level malware and document-malware analysis skills, covering both static and behavioural analysis.
Beyond malware functionality, including data encoding, covert malware launching and malware-focused network signatures, we will cover anti-reversing, anti-debugging and anti-virtual-machine techniques and packers if time permits, and, time permitting, shellcode and C++ analysis as well.
Working with a Citizen Lab researcher, we will also give a short walkthrough of using Yara rules and R2 to detect malware, as blue-team techniques.
The most interesting part is that we will use realistic targeted-attack and espionage-related samples for the exercises and analysis. Students are required to take notes or write a brief report. It will be an interactive session, and we have invited a prominent guest cybercrime investigator to share a special real case with you for hands-on exercises.
Students should prepare a Win7 VM on their own before the session.
Anthony Lai focuses on offensive "kung fu", malware analysis, targeted-attack research and attribution. He has been passionate about Capture the Flag games, reverse engineering and exploitation for years.
Inspired by Black Hat and DEFCON in 2007-8, he founded a non-profit research group, VXRL (Valkyrie-X Security Research Group), in Hong Kong in 2009; its researchers have published research at various security and hacker conferences including AVTokyo, Codegate, Black Hat USA, DEFCON, DFRWS, HITCON, and HTCIA USA and Asia Pacific. He organizes a small conference called VXCON (vxcon.hk) and lines up his good friends to give cutting-edge talks and workshops.
Anthony is a director of Knownsec Hong Kong and Macau (knownsec.asia) and is currently enrolled in a part-time PhD program at the Hong Kong University of Science and Technology, where his research focuses on malware/threat attribution, machine learning and software analysis. He has been invited to be a technical team coach, together with Zetta KE and Alan HO, for the CTF team "FireBird", sponsored and supported by the Cyber Security Lab at HKUST (cybersecurity.cse.ust.hk).
Anthony is a mentor for official SANS courses and a GREM and GXPN holder.
Matt is a malware researcher with an interest in malware used to target civil society. In addition to private malware research, he has experience in intelligence and incident response in the US government and private sectors.