Fresh Prints of Mal-ware: Practical Malware Analysis

Andy Honig and I will be presenting the Fresh Prints of Mal-ware: Practical Malware Analysis webinar on Wednesday, February 29, 2012 at 2:00pm EST. Join us to hear about two exciting projects we have been working on: our book Practical Malware Analysis and a new (and free) malware analysis tool called FakeNet.

On the webinar, we will discuss how important solid malware analysis is to an incident response investigation. We will talk about how our book Practical Malware Analysis can teach you to dissect malicious software, and how the book can be used as a learning tool regardless of whether you are new to the malware game or a seasoned professional.

Next, we will release a new (and free) malware analysis tool called FakeNet. FakeNet is designed to make the common tasks of dynamic malware analysis easy, while still having enough flexibility to allow for complex analysis. FakeNet will allow you to:

  • Redirect all traffic (including traffic to hard-coded IP addresses) to the localhost
  • Respond intelligently to requests for popular protocols including DNS, HTTP, and HTTPS
  • Listen to all network traffic on the localhost regardless of port or protocol
  • Easily script malware-specific command and control protocols using a Python extension interface
  • Create a packet capture of traffic on the local machine

We will demo the capabilities of FakeNet using examples of real malware and show how easy and useful it is for analyzing malware that performs network communication. FakeNet isn't a Mandiant tool, so you will need to download it after the webinar.

All webinar attendees will receive a 40% discount code that goes towards the purchase of the book. Anyone who purchases the hardcopy from nostarch.com using this code will receive a complimentary e-book that can be downloaded immediately after purchase.

Mandiant will be live tweeting highlights using the hashtag #M_FP.

Use the following link to register: https://cc.readytalk.com/cc/s/showReg?udc=cdpyhqsbocld