Date and Time:
Tuesday, March 21, 14:00 – 18:00
Paul Rascagneres, France, Volexity
This workshop is designed for beginners who want to discover malware analysis and reverse engineering. The workshop will start by explaining how Windows processes and the x86 assembly language work. Once we have covered the basic instructions, we will directly reverse our first malware: a ransomware. We will work statically with Ghidra, an open-source disassembler. The purpose will be to become acquainted with the tool and answer a couple of questions: What is the encryption algorithm? Can I restore the encrypted file? Where is the ransom note stored?
Please make sure you have Ghidra, Python 3 and pip installed on your machine.