WS3 – DotNet Malware Analysis (4h)
Understanding DotNet malware can be daunting at first, but not so much with a solid knowledge of its fundamentals. The goal of this workshop is to teach the required concepts, as these can be transferred into any language of choice, in many different scenarios. As such, attendees gain a deep(er) understanding of the used techniques and methods.
This class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts. The exercises in the workshop are based on actual malware samples, and each exercise consists of several questions for the attendees. The questions become incrementally difficult, ensuring there always is a challenge.
Since the workshop’s materials will consist of actual malware samples, precautions are required, which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees.
There are several requirements to join:
• A laptop (x86_64 based) capable of smoothly running one x86_64 Windows 10 VM
• Visual Studio Community Edition (2019 or later) on the VM
• The DotNet Framework runtime for version 3.5 and later (default, version 4 is installed) on the VM
• dnSpyEx, de4dot, DotDumper, and other tools can be downloaded during the workshop as these are insignificant in size.
• Understand VB.NET/C#, and preferably be (somewhat) comfortable writing it. It is possible to join the workshop without the ability to write code, but you will notice this in the later stages of the workshop.