Tuesday was another full day of malware analysis. The coursework, hosted by Mandiant, consisted of an introduction to OllyDbg and an in-depth look at the Windows loader and the Windows API, specifically covering registry functions, process/threading functions, and sockets.
At the end of the day, the course was complemented with actual demos, leading up to a final lab project which incorporated most of the subject matter discussed during the two-day boot camp. Along the way, Mandiant provided excellent pro tips on what to watch out for during disassembly and analysis of malware.
The course left me hungry for more, and although Black Hat only lasted two days, the knowledge gained about the field and its intricacies will certainly be applied within zveloLABS.