Zero 2 Hero

“From Zero to Hero: Malware Reverse Engineering & Threat Intelligence” is a free, 12-week course by Vitali Kremez and Daniel Bunce (@0verfl0w_) sponsored by SentinelOne.


Chapter 12: YARA Hunting for Code Reuse: DoppelPaymer Ransomware & Dridex Families

Like all good things, the course is now coming to an end. The Zero2Hero malware course will be available for three more weeks. In the last episode, you can find Vitali’s summary of the course as well as a deep dive into the DoppelPaymer Ransomware & Dridex Families, including a practical guide that can help you perform YARA hunting.

Read the Zero2Hero Course Posts

Here We GO: Crimeware Virus & APT Journey From “RobbinHood” to APT28

The Zero2Hero course continues with Vitali Kremez exploring Golang malware through a comparison of RobbinHood ransomware and Zebrocy loader samples.

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

The Zero2Hero malware course continues with Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Internet Explorer and Edge on Windows 10.

Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader

The Zero2Hero malware course continues with Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.

Info Stealers | How Malware Hacks Private User Data

Continuing our free Zero2Hero malware reverse engineering course, Daniel Bunce dives into the details of KPot, Vidar & Raccoon Info Stealers.

FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals

The Zero2Hero malware course continues with Vitali Kremez diving into FIN6 “FrameworkPOS”, which targets payment card data on Point-of-Sale (POS) and eCommerce systems.

Gootkit Banking Trojan | Part 3: Retrieving the Final Payload

Gootkit’s final payload contains multiple Node.js scripts. Join Daniel Bunce as he reverse engineers the malware to take a deeper look at what it delivers.


Course Syllabus

  • Technical overview of injection techniques and persistence mechanisms
  • Discovering/recognizing privilege escalation in malware
  • Threat actors’ techniques to gain a foothold on networks
  • Deep dive into APTs (advanced persistent threats), eCrime
  • Info-stealers and Exploit Kit drive-bys seen in the wild
  • Analyzing shellcode usage in malware
  • Full analysis of malware techniques: stealth, persistence, algorithms, communication with a C2 server, and advanced capabilities

Copyright © 2019 SentinelOne. All Rights Reserved.