Dates
13-17 September 2010
Venue
CCD COE, Tallinn, Estonia
Course Overview
1) Setting up a laboratory environment for botnet analysis
2) Introduction to reverse engineering of malware
3) Static and dynamic analysis of botnet traffic
4) Hands-on exercise: botnet takeover
Course outline
Day 1: Introduction to the malicious side
- Malware spreading techniques and botnet overview
- Important concepts of the Windows operating system
- Reverse engineering methodologies
- Lab setup
- Botnet creation using bot construction kits
Day 2: Introduction to botnet analysis
- Applied Blackboxing
- Sandbox concepts
- x86 architecture and assembly primer
- Reverse mapping of assembly to high-level languages
Day 3: Static Analysis
- Static analysis tools and IDA Pro
- IRC Botnet takeover exercise I
Day 4: Dynamic Analysis
- Dynamic analysis and debugging methodology
- Shellcode investigation
- (Exploitation concepts depending on time constraints)
- IRC Botnet takeover exercise II
Day 5: Applied botnet analysis
- Packers, unpacking, and sample reconstruction
- HTTP Botnet analysis and monitoring
Contact
For any enquiries and further information, please contact Maj Leo Oja (leo.oja -at- ccdcoe.org; +372 7176 )