News / Event Details


Sunday, March 2, 2014 Keywords: Upcoming Events By: CS Continue reading Cyber Security Workshop--Malware Behavior Analysis using Memory Forensics Memory forensic is an excellent skill to find out various data structures and artefacts in the memory of a running computer. It gives very detailed view of running processes, open network connections, registry handles, kernel modules etc. Recently, the science of memory forensics is also used by malware analysts to analyse the behaviour of malware from within memory. Malware analysts who are not looking at volatile memory are missing a very important piece of information on the table. Today, a new breed of malwares has emerged which run only in the RAM and thus leave no clue for the investigators. In this training we will use Volatility framework which is a completely open collection of tools, implemented in Python, for the extraction of digital artefacts from volatile memory (RAM) samples. After attending this training the students will be able to: Traverse the RAM images of windows system for finding malicious activity Analyse the user space and kernel space processes for possible injection Find malicious hooks and rootkits being implanted within the RAM images Topics: Training will cover the following topics: Memory Forensics with Volatility Dumping Memory with MoonSols Windows Memory Toolkit Remote, Read-only Memory Acquisition with F-Response Accessing Virtual Machine Memory Files Volatility in a Nutshell Investigating processes in Memory Dumps Detecting DKOM Attacks with psscan Recognizing Process Context Tricks Memory Forensics: Code Injection and Extraction Hunting Suspicious Loaded DLLs Detecting Unlinked DLLs with ldr_modules Exploring Virtual Address Descriptors (VAD) Translating Page Protections Finding Artifacts in Process Memory Identifying Injected Code with Malfind and YARA Rebuilding Executable Images from Memory Scanning for Imported Functions with impscan Dumping Suspicious Kernel Modules Memory Forensics: Rootkits Detecting IAT Hooks Detecting EAT Hooks Detecting Inline API Hooks Detecting Interrupt Descriptor Table (IDT) Hooks Detecting Driver IRP Hooks Detecting SSDT Hooks Memory Forensics: Network and Registry Exploring Socket and Connection Objects Analyzing Network Artifacts Left by Zeus Detecting Attempts to Hide TCP/IP Activity Detecting Raw Sockets and Promiscuous NICs Analyzing Registry Artifacts with Memory Registry Tools Sorting Keys by Last Written Timestamp Sunday, March 2, 2014 Keywords: Upcoming Events By: CS Continue reading

Cyber Security Workshop--Malware Behavior Analysis using Memory Forensics

Memory forensic is an excellent skill to find out various data structures and artefacts in the memory of a running computer. It gives very detailed view of running processes, open network connections, registry handles, kernel modules etc. Recently, the science of memory forensics is also used by malware analysts to analyse the behaviour of malware from within memory. Malware analysts who are not looking at volatile memory are missing a very important piece of information on the table. Today, a new breed of malwares has emerged which run only in the RAM and thus leave no clue for the investigators. In this training we will use Volatility framework which is a completely open collection of tools, implemented in Python, for the extraction of digital artefacts from volatile memory (RAM) samples.

After attending this training the students will be able to:

Traverse the RAM images of windows system for finding malicious activity
Analyse the user space and kernel space processes for possible injection
Find malicious hooks and rootkits being implanted within the RAM images

Topics: Training will cover the following topics:

Memory Forensics with Volatility

Dumping Memory with MoonSols Windows Memory Toolkit
Remote, Read-only Memory Acquisition with F-Response
Accessing Virtual Machine Memory Files
Volatility in a Nutshell
Investigating processes in Memory Dumps
Detecting DKOM Attacks with psscan
Recognizing Process Context Tricks

Memory Forensics: Code Injection and Extraction

Hunting Suspicious Loaded DLLs
Detecting Unlinked DLLs with ldr_modules
Exploring Virtual Address Descriptors (VAD)
Translating Page Protections
Finding Artifacts in Process Memory
Identifying Injected Code with Malfind and YARA
Rebuilding Executable Images from Memory
Scanning for Imported Functions with impscan
Dumping Suspicious Kernel Modules

Memory Forensics: Rootkits

Detecting IAT Hooks
Detecting EAT Hooks
Detecting Inline API Hooks
Detecting Interrupt Descriptor Table (IDT) Hooks
Detecting Driver IRP Hooks
Detecting SSDT Hooks

Memory Forensics: Network and Registry

Exploring Socket and Connection Objects
Analyzing Network Artifacts Left by Zeus
Detecting Attempts to Hide TCP/IP Activity
Detecting Raw Sockets and Promiscuous NICs
Analyzing Registry Artifacts with Memory Registry Tools
Sorting Keys by Last Written Timestamp

http://ww2.comsats.edu.pk/ciitblogs/files/CyberSecurity.jpg

Cyber Security Workshop--Malware Behavior Analysis using Memory Forensics

Mehfil-e-Mushaira

Tent Pegging (Neza Bazi) competition at CUI Attock Campus

Postgraduate Scholarship for Students of Balochistan & Erstwhile FATA

Seminar on WOMEN EMPOWERMENT by Pakistan Girls Guide Association (PGGA) at CUI Attock

Flateland: A Romance of Many Dimensions