Explore advanced techniques for dynamic malware analysis in this Black Hat conference talk. Learn to use FakeNet 2.0, a free Windows network simulation tool, to trick malware into believing it's connected to the Internet. Master mimicking common protocols like HTTP, SSL, and DNS, and discover how to quickly reconfigure FakeNet for successful malware deception. Gain insights into Windows Internals, process tracking for identifying malicious network activity, and automatic PCAP logging. Participate in hands-on challenges analyzing real-world malware samples to extract network-based signatures, progressing from basic to advanced levels. Understand how to extend FakeNet's capabilities by writing Python extensions for custom malware protocols. Bring your Windows malware analysis Virtual Machine or use a provided one to fully engage in this practical, skill-building session.
Overview
Syllabus
Introduction
Practical Matter Analysis
Outline
Background Malware
Protocols
Infrastructure
Beaconing
Why Fake the Network
Existing Tools
Fake DNS
Fake DNS GUI
Netcat
Inetsim
FakeNet
Goals
Usage
Downloading Files
Downloading Programs
Layered Service Providers
How Does It Work
Listeners
WSP dll
Packet Capture
Output Options
Python
Fame
New Features
Process Logging
Bug Breakpoint
Demo EXE
Stop DNS Service
Post Response
IP Address
Additional Changes
Whats Next
Lunch
Taught by
Black Hat
