\BOOKMARK [1][]{Outline1}{Outline}{}
\BOOKMARK [2][]{Outline1.1.3}{Background}{Outline1}
\BOOKMARK [2][]{Outline1.2.4}{Basic Analysis}{Outline1}
\BOOKMARK [2][]{Outline1.3.5}{Advanced Analysis}{Outline1}
\BOOKMARK [2][]{Outline1.4.6}{Custom Development}{Outline1}
\BOOKMARK [1][]{Outline2}{Introduction}{}
\BOOKMARK [2][]{Outline2.1.9}{Introduction}{Outline2}
\BOOKMARK [2][]{Outline2.2.14}{Malware Analysis}{Outline2}
\BOOKMARK [2][]{Outline2.3.18}{Questions to Consider}{Outline2}
\BOOKMARK [1][]{Outline3}{VM's and Live Analysis}{}
\BOOKMARK [2][]{Outline3.1.25}{Virtual Machines}{Outline3}
\BOOKMARK [2][]{Outline3.2.31}{Live Analysis}{Outline3}
\BOOKMARK [1][]{Outline4}{Architecture and OS}{}
\BOOKMARK [2][]{Outline4.1.41}{x86 Architecture}{Outline4}
\BOOKMARK [2][]{Outline4.2.63}{Microsoft Windows OS}{Outline4}
\BOOKMARK [1][]{Outline5}{PE File Format}{}
\BOOKMARK [2][]{Outline5.1.83}{Overview and Headers}{Outline5}
\BOOKMARK [2][]{Outline5.2.94}{Interactive Walkthrough}{Outline5}
\BOOKMARK [2][]{Outline5.3.115}{Import/Export Address Tables}{Outline5}
\BOOKMARK [2][]{Outline5.4.128}{Updated PE32+ and Usage Examples}{Outline5}
\BOOKMARK [1][]{Outline6}{Overview of Analysis Tools}{}
\BOOKMARK [2][]{Outline6.1.137}{Debuggers}{Outline6}
\BOOKMARK [2][]{Outline6.2.140}{Disassemblers / Decompilers}{Outline6}
\BOOKMARK [2][]{Outline6.3.144}{Other}{Outline6}
\BOOKMARK [2][]{Outline6.4.145}{Python}{Outline6}
\BOOKMARK [1][]{Outline7}{\(Dis\)Assembly}{}
\BOOKMARK [2][]{Outline7.1.150}{Crash Course}{Outline7}
\BOOKMARK [2][]{Outline7.2.156}{Assembly Patterns}{Outline7}
\BOOKMARK [1][]{Outline8}{IDA Pro}{}
\BOOKMARK [2][]{Outline8.1.182}{Overview}{Outline8}
\BOOKMARK [2][]{Outline8.2.188}{Overview of Views}{Outline8}
\BOOKMARK [2][]{Outline8.3.198}{Driving IDA}{Outline8}
\BOOKMARK [2][]{Outline8.4.203}{Customizations}{Outline8}
\BOOKMARK [1][]{Outline9}{OllyDbg}{}
\BOOKMARK [2][]{Outline9.1.210}{Overview}{Outline9}
\BOOKMARK [2][]{Outline9.2.212}{Overview of Views}{Outline9}
\BOOKMARK [2][]{Outline9.3.227}{Driving OllyDbg}{Outline9}
\BOOKMARK [1][]{Outline10}{Executable \(Un\)Packing}{}
\BOOKMARK [2][]{Outline10.1.237}{Executable Packing}{Outline10}
\BOOKMARK [2][]{Outline10.2.249}{Executable Unpacking}{Outline10}
\BOOKMARK [2][]{Outline10.3.259}{Packer Usage Statistics}{Outline10}
\BOOKMARK [2][]{Outline10.4.264}{Unpacking Traces}{Outline10}
\BOOKMARK [1][]{Outline11}{Anti Reverse Engineering}{}
\BOOKMARK [2][]{Outline11.1.281}{Anti-Debugging}{Outline11}
\BOOKMARK [2][]{Outline11.2.291}{Anti-Disassembling}{Outline11}
\BOOKMARK [2][]{Outline11.3.301}{Anti-PE Analysis}{Outline11}
\BOOKMARK [2][]{Outline11.4.312}{Anti-VM}{Outline11}
\BOOKMARK [1][]{Outline12}{Binary Diffing and Matching}{}
\BOOKMARK [2][]{Outline12.1.323}{Binary Diffing}{Outline12}
\BOOKMARK [2][]{Outline12.2.327}{Example in Malware Analysis}{Outline12}
\BOOKMARK [2][]{Outline12.3.333}{Binary Matching}{Outline12}
\BOOKMARK [2][]{Outline12.4.336}{Exercises}{Outline12}
\BOOKMARK [1][]{Outline13}{Advanced Malware Techniques}{}
\BOOKMARK [2][]{Outline13.1.338}{Advanced Malware Techniques}{Outline13}
\BOOKMARK [2][]{Outline13.2.338}{Anti-Detection/Obfuscation Measures}{Outline13}
\BOOKMARK [2][]{Outline13.3.347}{Runtime Hiding Techniques}{Outline13}
\BOOKMARK [2][]{Outline13.4.350}{Counter-Measures}{Outline13}
\BOOKMARK [1][]{Outline14}{Analysis}{}
\BOOKMARK [2][]{Outline14.1.354}{Analysis I}{Outline14}
\BOOKMARK [2][]{Outline14.2.396}{Analysis II}{Outline14}
\BOOKMARK [1][]{Outline15}{IDA Python}{}
\BOOKMARK [2][]{Outline15.1.441}{Overview}{Outline15}
\BOOKMARK [2][]{Outline15.2.443}{Examples}{Outline15}
\BOOKMARK [2][]{Outline15.3.450}{Exercises}{Outline15}
\BOOKMARK [1][]{Outline16}{PEFile and PyDasm}{}
\BOOKMARK [2][]{Outline16.1.453}{Overview}{Outline16}
\BOOKMARK [2][]{Outline16.2.455}{pefile}{Outline16}
\BOOKMARK [2][]{Outline16.3.463}{pydasm}{Outline16}
\BOOKMARK [2][]{Outline16.4.469}{Exercises}{Outline16}
\BOOKMARK [1][]{Outline17}{PaiMei}{}
\BOOKMARK [2][]{Outline17.1.472}{Overview}{Outline17}
\BOOKMARK [2][]{Outline17.2.511}{Command Line Tools}{Outline17}
\BOOKMARK [2][]{Outline17.3.547}{GUI and Tools}{Outline17}
\BOOKMARK [2][]{Outline17.4.555}{Exercises}{Outline17}
\BOOKMARK [1][]{Outline18}{Appendix}{}
\BOOKMARK [2][]{Outline18.1.561}{References}{Outline18}
\BOOKMARK [2][]{Outline18.2.565}{Slide Count}{Outline18}