HBGary Training:

Windows Live Memory Forensics and Rootkit Reverse Engineering

Learn the next generation of incident response. Acquire physical memory from live running computers and analyze the results for evidence of rootkit and backdoor intrusion. Reconstruct the attack, determine what is being stolen, recover volatile data and code, and analyze captured malware. Students will target actual malware from the wild. Offline static memory analysis and dynamic runtime analysis will both be covered.

Rootkit Development: Advanced Second Generation Digital Weaponry

Rootkits are the primary tool used by malware to hide on a computer system. Rootkits can also be used to tamper-proof your own software against attackers. Take the next step in rootkit technology. This new second-generation class teaches advanced techniques such as memory subversion, kernel-mode process infection (even of "hardened" processes), simple "shellcode" techniques, creating processes from Ring 0, subverting the Windows Object Manager, and kernel-mode covert network channels.

Advanced Tools for Exploiting Software

This course will teach reverse engineering techniques to security professionals to find flaws in software. Finding vulnerabilities in software is hard, tedious work usually done by highly skilled software engineers. Not only will this course provide training on commonly used methods, it will enlighten the participants on how to automate portions of the work to save countless hours and increase productivity.

Based on the book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, Addison-Wesley, 2004.

VISIT US AT

August 2nd-7th in Las Vegas, NV