Cyber Security Incident Response Wannacry Ransomware
What you'll learn
- Investigate and understand the behavior of the Wannacry ransomware in a lab environment using your own computer if you will.
- Triage and identify indicators of compromise.
- Live-analysis of the infected lab machine for windows artifacts
- Static-analysis of the identified executable and artifacts
- Sandbox analysis of the malicious activity, including network activity, processes, services, autoruns
- Create a summary report of the incident and identify remediation recommendations
- Basic Windows knowledge (process, file, filesystem, registry)
- Interest in computer forensics and malware analysis
- At least one virtualization technology if you want to perform the practical tests (e.g. Virtualbox/VmWare)
Wannacry has been one of the most famous ransomware in computer history (so far) which allows us to investigate how it worked and identify indicators of compromise. The goal of the course is not to protect against Wannacry, but to provide you with a methodology to be able to quickly assess the behavour of a suspicious application in a computer. The tools we are using in this course are free for personal use, but there are way more other solutions you can use for the same purpose.
At the end of this training you will have a solid understanding how the ransomware works and how to protect you environment, also you will be able to use the tools to identify and analyse other malicious tools. You will not be a malware analyst, this is not the course for that. This course will give you the steps to be able to do incident response in a quick manner and see what areas you need to develop yourself using other courses. Deep malware analysis is a very interesting area, but not necessarily the part of the incident response team. There are companies specialized in malware analysis, or people specializing in malware analysis. One can spend hours, days, weeks, months analyzing a single malware. This course aims for quick response.
Who this course is for:
- People with interest in information security
- People with interest in incident resposne
- Security Operations Center team members
- People interested to start analyzing malware
I am an experienced IT security expert with several years of IT operations, IT audit, IT security consultant, penetration tester and cyber incident response manager background. I would like to share what I've learned over the years with the community to help everyone who needs a little guidance on the path. Incident response is my primary field of interest, but I am always interested to learn new technologies and figure out how security is integrated and where are the gaps in the protection.