Windows Malware Analysis for Hedgehogs Beginner Training

/.../3. Triage and file type basics/

5. Lab Triage 2 Whole file examination.mp4

2. Download links.html

11. Triage Quiz.html

3. Lab Triage 1 Determine file types of unknown samples.mp4

10. Lab Exercise solution.mp4

9. Lab Triage 4 Final analysis.mp4

7. Deciphering antivirus detection names for malware.mp4

1. What is triage.mp4

4. What is a file type.mp4

8. Lab Triage 3 VirusTotal autoscans and first research.mp4

6. Antivirus detection names and formats for malware.mp4

6.1 AV Detection Names - 2023-08-28 10.43.52.pdf

1.1 Triage - 2023-04-15 06.22.51.pdf

/

TutsNode.org.txt

[TGx]Downloaded from torrentgalaxy.to .txt

/.../6. Portable Executable format and .NET/

2.1 Portable Executable Format-Basics.pdf

3. PortexAnalyzer and DnSpy download.html

8. Portable Executable metadata exercise.html

9. Portable Executable Quiz.html

4. Lab PE 1 MS DOS stub, COFF file header, timestamps and REPRO builds.mp4

5. Lab PE 2 Optional header and section table.mp4

13. Lab .NET 3 Code search in DnSpy.mp4

6. Lab PE 3 Resources, icons, debug path, imports.mp4

7. Lab PE 4 Anomalies and visualization.mp4

12. Lab .NET 2 Running the file, DnSpy basics.mp4

11. Lab .NET 1 .NET basics and triage.mp4

10. Compilation and Interpretation.mp4

2. Portable Executable format basics.mp4

1. Introduction to Portable Executable files.mp4

10.1 Compilers and interpreters - 2023-04-26 07.49.42.pdf

1.1 PE Basics - 2023-09-05 05.41.30.pdf

/.../2. Malware lab setup/

10.1 Safety rules.pdf

10. Safety rules summary.html

2. Download links.html

11. Safety rules quiz.html

9. Network, snapshots and first sample execution.mp4

3. Installing VirtualBox Windows 10 VM.mp4

5. Enabling hidden files view and removing Windows Defender.mp4

8. Sample handling Prevent execution via ACLs (Windows host only).mp4

1. Malware Analysis Lab.mp4

7. Sample handling Shared folder setup.mp4

4. Installing VirtualBox Guest Additions.mp4

6. Sample handling Course samples and password protected archives.mp4

/.../12. Packers and unpacking methods/

4. Download links and documentation.html

10. Lab Poison 1 Speakeasy API logging.mp4

12. Lab Injector DLL Unpacking via VirtualAlloc.mp4

6. Lab Winupack 1 packing, fix disassembly in x32dbg.mp4

7. Lab Winupack 2 Find OEP via tracing, dump and fix imports.mp4

11. Lab Poison 2 Unpacking via RtlDecompressBuffer.mp4

5. Installing Python 3 and Speakeasy.mp4

8. Lab Winupack 3 Find OEP via hardware breakpoint on stack.mp4

9. One generic unpacking approach.mp4

2. Unpacking methods.mp4

1. How packers work.mp4

3. Unpacking stub types and how they work.mp4

2.1 Unpacking Methods - 2023-09-11 05.39.15.pdf

9.1 Unpacking Approach - 2023-09-11 06.08.21.pdf

1.1 Packers - 2023-09-11 05.43.00.pdf

3.1 Unpacking Stubs - 2023-09-10 05.45.54.pdf

/.../7. File analysis verdicts/

5. Installing the bindiff and certificate tools.html

9. Lab diffing3 Force strict signature verification.mp4

2. File analysis verdicts.mp4

6. Lab diffing 1 Binary diffing with vbindiff and meld.mp4

7. Lab diffing 2 Identify certificate manipulation.mp4

3. Clean vs malicious—approaches for clean file analysis.mp4

10. Mapping detection names to file verdicts.mp4

1. Analysis types.mp4

3.1 Determine Clean vs Malicious - 2023-09-10 05.44.08.pdf

2.1 Analysis Verdicts - 2023-04-15 07.28.26.pdf

4. Tools for binary diffing and finding hidden certificate data.mp4

8. How signature verification works.mp4

1.1 Analysis Types.pdf

/.../10. Debugging basics with x64dbg/

2. Download links and bookmarks.html

10. x64dbg Quiz.html

8. Lab ASLR 1 Rebasing and DllCharacteristics in the Optional Header.mp4

5. Lab x64dbg 3 Software breakpoints.mp4

7. Lab x64dbg 5 Memory breakpoints.mp4

9. Lab ASLR 2 Hex to Bin Conversion, Bitmasks and Disabling Exploit Protection.mp4

3. Lab x64dbg 1 CPU view windows.mp4

4. Lab x64dbg 2 Navigation.mp4

6. Lab x64dbg 4 Hardware breakpoints.mp4

1. x64dbg introduction.mp4

/.../4. Wrapped files and installers/

3. Tools and links.html

13. Wrappers and installers quiz.html

9. Lab Installers 1 Layer 1 Unpacking Nullsoft.mp4

5. Lab Wrapped files 2 Obtaining the script with ACLs.mp4

12. Lab Installers 4 Triage of multiple files.mp4

4. Lab Wapped files 1 Triage of a wrapped file.mp4

11. Lab Installers 3 Extract 7zip SFX configuration.mp4

7. Lab Wrapped files 4 Obtaining the script with APIMonitor.mp4

10. Lab Installers 2 Layer 2 Extract 7zip SFX files.mp4

6. Lab Wrapped files 3 Wrapped file payload analysis.mp4

2. Wrapped files.mp4

8. Installers.mp4

1. Finding the malware developer's code.mp4

2.1 Wrappers - 2023-09-03 07.51.53.pdf

8.1 Installers - 2023-09-03 08.13.53.pdf

1.1 Finding the Dev's code - 2023-08-31 05.39.23.pdf

/.../8. Malware classification and analysis reports/

6. Tools and links.html

10. SteamHide FinalMalware.exe analysis.html

9. Lab report writing 3 Malware decryption with CyberChef.mp4

8. Lab report writing 2 ICC profile extraction with exiftool.mp4

7. Lab report writing 1 Main analysis of a downloader.mp4

2. Malware Classification.mp4

1. Writing analysis reports.mp4

3. Malware types by propagation.mp4

4. Malware types by payload behavior.mp4

3.1 Malware Types by Propagation.pdf

2.1 Malware Classification.pdf

5. Malware family identification.mp4

1.1 Analysis Reports.pdf

4.1 Malware Types by Behavior.pdf

5.1 Malware Families - 2023-09-09 11.26.32.pdf

/.../5. Malware Persistence and Disinfection Basics/

3. Links.html

7. Malware Persistence and Disinfection Quiz.html

4. Lab Services.mp4

5. Lab Disinfection 1 Autoruns - Run, IFEO.mp4

6. Lab Disinfection 2 RunOnce, Active Setup, Scheduled Tasks, LNKs.mp4

2. The Windows Registry.mp4

1. Auto Start Extensibility Points (ASEPs).mp4

2.1 Registry - 2023-05-28 06.06.16.pdf

1.1 ASEPs - 2023-05-06 11.26.44.pdf

/9. Ghidra basics/

2. Download link for Ghidra.html

5. Lab Ghidra 2 Windows in the codebrowser part 1.mp4

7. Lab finding main 1 MinGW and VisualStudio C++ applications.mp4

8. Lab finding main 2 A more difficult application.mp4

6. Lab Ghidra 3 Windows in the codebrowser part 2.mp4

4. Lab Ghidra 1 New project, file import and autoanalysis.mp4

3. Lab preparation Installing Ghidra.mp4

1. Ghidra introduction.mp4

/.pad/

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

/.../11. Ransomware analysis with Ghidra and x64dbg/

6. Lab Legion ransomware 5 Understanding the encryption.mp4

7. Lab Legion ransomware 6 Patching with x32dbg.mp4

8. Lab Legion ransomware 7 Ransomware monitoring and file decryption test.mp4

4. Lab Legion ransomware 3 Date check markup.mp4

2. Lab Legion ransomware 1 Triage.mp4

3. Lab Legion ransomware 2 Finding main.mp4

5. Lab Legion ransomware 4 Finding the encryption function.mp4

1. Legion ransomware intro.mp4

/.../1. Introduction to Malware Analysis/

1. Introduction.mp4

2. Analysis process.mp4

2.1 Analysis Process.pdf

Total files 258