PTS2022

[Workshop] Malware analysis with Ghidra & x64dbg
2022-07-05, 09:30–12:30 (Europe/Paris), Workshop Room

This workshop is designed for beginners who want to discover malware analysis and reverse engineering.

Organization note: registration to the workshop will be done directly on-site during the event. Nothing to do on-line.

We will start by explaining the x86 assembly language. Once we have covered the basic instructions, we will directly reverse our first malware: a ransomware. We will work statically with Ghidra and dynamically with x32dbg, two open-source tools. The purpose is to become acquainted with the tools and to answer a couple of questions: what is the encryption algorithm? Can I restore the encrypted file? Where is the ransom note stored?

Prerequisites: attendees who would like to work dynamically must configure a virtual machine running Windows before the workshop. The free Windows virtual machines provided by Microsoft work perfectly for this workshop: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Maximum of 10 participants.

Paul Rascagneres is a threat researcher at Volexity. As a researcher, he performs investigations to identify new threats and presents his findings in publications and at international security conferences throughout the world. He has been involved in security research for ten years, mainly focusing on malware analysis, malware hunting and, more specifically, on advanced persistent threat (APT) campaigns and rootkit capabilities. He previously worked for several incident response teams in the private and public sectors.