Malware Analysis & Reverse Engineering Lab

Overview

In this lab, students will conduct static and dynamic analysis on malware samples to dissect their functionality, extract indicators of compromise (IOCs), and understand how cyber threats operate. The objective is to apply reverse engineering techniques to analyze malicious binaries and scripts.

Lab Instructions

1. Setting Up Your Environment

You will need:
- A dedicated malware analysis VM (FlareVM, REMnux, or a sandboxed Windows/Linux VM)
- Installed tools:
  - Ghidra or IDA Free for static analysis
  - Wireshark & ProcMon for system and network monitoring
  - Cuckoo Sandbox or Any.Run for dynamic analysis
  - YARA for signature-based malware detection

Step 1: Isolate the Analysis Environment

    vmrun start /path/to/malware_vm.vmx

Ensure the machine is not connected to the internet, and take a snapshot before running any malware.

...

Threat Hunting & Anomaly Detection Lab

Overview

Threat hunting is a proactive cybersecurity approach that involves identifying potential security threats before they cause harm. This lab introduces students to threat hunting techniques, anomaly detection strategies, and behavioral analysis methods to detect advanced threats that evade traditional security tools.

Lab Instructions

1. Setting Up Your Environment

You will need:
- A SIEM platform (Splunk, Wazuh, or ELK Stack)
- Access to MITRE ATT&CK, VirusTotal, and AlienVault OTX
- A dataset containing logs from a simulated network breach (provided by the instructor)

Install the required tools (if using Wazuh on a Debian-based OS):

    sudo apt update && sudo apt install wazuh-agent

2. Collecting Security Data for Threat Hunting

Threat hunters use logs from multiple sources, including:

...

Threat Intelligence & IOC Analysis

Overview

Cyber threat intelligence enables security professionals to identify, analyze, and respond to cyber threats effectively. This lab will teach you how to collect, analyze, and apply Indicators of Compromise (IOCs) to security monitoring.

Lab Instructions

1. Setting Up Your Environment

You will need:
- A Linux or Windows VM
- Access to AlienVault OTX, VirusTotal, and MITRE ATT&CK
- A SIEM tool (Wazuh, Splunk) installed for IOC analysis

2. Collecting Threat Intelligence Data

Threat intelligence comes from many sources, including open-source feeds, security vendors, and malware analysis platforms.

...