
I am pleased to announce the expansion of the Reverse-Engineering Malware course. A lot of the participants of the original 2-day course have been asking, "When will you offer a more advanced version of the class?" It's finally here.
The original SEC601 course covers the essentials of malware analysis. The new SEC602 course focuses on the more advanced reverse-engineering topics. We spend a day on malicious code analysis, identifying key logic structures, and reviewing assembly-level examples of common malware categories. The second day focuses on manual and automated unpacking and other considerations for bypassing self-defending mechanisms in malware. We also learn to combat advanced obfuscation techniques in malicious Web scripts.
SANS plans to offer the full 4-day course as SEC610, and allow students to sign up for each 2-day course independently as well. To clarify: SEC610 = SEC601 + SEC602.
The GREM certification, based on the Reverse-Engineering Malware course, will cover the newly expanded SEC610 course. Current GREM holders will not be required to re-take the exam; however, when their certification comes up for renewal, the exam will include the new materials from SEC602. (Please direct certification questions to GIAC.)
The new materials are the result of collaboration with my colleagues from SANS and the Internet Storm Center, mainly Pedro Bueno, Michael Murr, Jim Shewmaker, and Bojan Zdrnja, who are the primary authors of the new materials. Many thanks to these individuals for their contributions and to those who have provided, and will provide, valuable feedback for keeping the course in top shape.
If you'd like to help fine-tune the new materials, please sign up for the new 2-day course (SEC602) in Boston, MA, the weekend of January 26-27. I'll be beta-testing the course there: some glitches may come up, but you can join this event at a 50% discount!
The course will formally debut at SANS 2008 in Orlando, FL, in April. Students can sign up for the entire 4-day course (SEC610) or for the individual 2-day courses (SEC601 and SEC602). SEC601 alumni qualify for a 50% discount on the 4-day version of the course (SEC610) in 2008.
Hope to see you at one of these events!
Sincerely,
-- Lenny Zeltser
December 2007
Copyright © 1995-2009 Lenny Zeltser. All rights reserved.