Lecture about Malware Analysis at Unimonte university

Dear readers, good day. Last OCT/25 I taught a lecture about Malware Analysis at Unimonte university. As usual, all students (and teachers!) were very interested in learning about this fascinating area of IT security. Photos follow:

 

I hope you have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and Twitter: @ale_sp_brazil)

Lecture about Malware Analysis at UniSantos University

Hi readers, how are you? Last week, on OCT/18, I taught a lecture about Malware Analysis at UniSantos University. We had a good time during the talk. A few photos follow:

The experience was great and I hope I have helped a few students by encouraging them to study malware.

Have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and Twitter: @ale_sp_brazil)

Lecture about Malware Analysis at PUCC (Pontifícia Universidade Católica de Campinas)

Dear readers, what have you been doing? Last Thursday (SEP/15) I taught a lecture about Malware Analysis at PUCC. A few photos follow below:

Honestly, it was a great talk because the students were very interested in learning and they asked several excellent questions. Furthermore, PUCC is the university where I graduated, so it is special for me.

I hope you have a nice day. See you soon.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware Analysis at USCS (Universidade São Caetano do Sul)

Dear readers, how are you? A few photos from my lecture on Malware Analysis at USCS follow:

I hope the students keep studying and stay interested in the most fascinating area of IT security, which is Malware Analysis.

Have a nice day and see you soon.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Oracle Open World Latin America 2016 – Hunting malwares in the memory in the Oracle Linux 7.x

Dear readers, how are you? Last week I spoke about “Hunting malwares in the memory in the Oracle Linux 7.x” at Oracle Open World 2016 Latin America. A few photos from my session follow:

Personally, I liked this event very much because many people were interested in learning and discovering how it is possible to detect an infection in memory on Oracle Linux 7.x.

I haven’t decided yet, but I may eventually put the slides out. Stay tuned!

Have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

BSIDES LATAM 2016 – Hunting Malwares on the Memory

Dear readers, how are you? Yesterday, June/12, I taught a lecture titled “Hunting malwares on the memory” at BSIDES Latin America 2016. A few photos follow:

I am proud of having taken part in the first BSIDES LATAM 2016 for three reasons:

  1. The attendees of my lectures were amazing. They were smart, very interested and asked good questions.
  2. Ponai Rocha (one of the organizers) was very polite and an outstanding host.
  3. BSIDES LATAM is a technical event with few vendors and really interesting lectures taught by experts.

Honestly, I hope my attendees have learned and gotten motivated to study a bit more about Malware and Memory Analysis.

I hope you have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware and Memory Forensics Analysis at UniSanta University

Dear readers, how are you? Yesterday (MAY/18), I taught a new lecture about Malware and Memory Analysis at UniSanta University. A few photos follow below:

It was a fantastic lecture where I could show a deeper memory forensic analysis than I did in other talks.

I hope you have a nice day.

Alexandre Borges

(Linkedin: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware and Memory Analysis at UNASP University

Dear readers, how are you? Yesterday, MAY/17, I taught a lecture about Malware and Memory Analysis at UNASP university. A few photos follow:

Honestly, I really had a very good time. Teachers and students were very polite and the auditorium was very organized.

I hope you are fine and have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware and Memory Forensic Analysis at FMU University

Dear readers, how are you? Last Thursday (MAY/05), I taught a lecture about Malware and Memory Analysis at FMU University. A few photos follow:

I hope I am able to continue motivating students to learn and work on this fascinating area.

Have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware and Memory Analysis at PUC-SP University

Hi readers, how are you? Continuing my journey through universities, last Thursday (MAY/05) I taught a lecture about Malware and Memory Analysis at PUC-SP university. A few photos follow:

I keep teaching lectures about Malware and Memory Analysis at universities because I really believe it is possible to find top minds there and to present concepts from the Malware Analysis world to students, making their careers better and more motivating.

Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil).

Lecture about Malware and Memory Analysis at UNASP-EC

Dear readers, what have you been doing? Yesterday I taught a lecture about Malware and Memory Analysis at UNASP-EC University. A few photos follow:

I keep trying to bring real, practical and interesting concepts to students at different universities who would otherwise never learn them. Honestly, it’s my contribution to society and I hope I can motivate these students to study topics such as malware and memory analysis and to work hard enough to make real progress in their careers.

Have a nice day.

Alexandre Borges

(LinkedIn – http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture about Malware and Memory Analysis at ITA

Dear readers, how are you? Yesterday I taught a lecture about Malware and Memory Analysis at ITA (Instituto Tecnológico da Aeronáutica – Technological Institute of Aeronautics). A few photos follow:

This is the letter certifying my talk:

ITA_Cert

 

I hope you have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter:@ale_sp_brazil)

Lecture about Malware and Memory Analysis at Unimonte University

How are you, readers? Last Tuesday (APRIL/19/2016) I taught a lecture about “Malware and Memory Analysis” at Unimonte University in Santos. Honestly, I had a great time because the students were very interested and the teachers were very polite. A few photos follow:


And my certificate (in Portuguese):

Unimonte_Certificate

Furthermore, I met several smart students and made new friends.

I hope you have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

ISC2/Kafinet Information Security Trends 2016 event

Readers, how are you? Last Tuesday (APR/19/2016) I spoke at the (ISC)2 / Kafinet Information Security Trends 2016 event about “Malwares: the worst threat”. A few photos follow:


It was an interesting event where a few key IT professionals attended talks from specialists such as Anderson Dadario and Edson Borelli.

Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Lecture at UnG – Introduction to Malware Analysis

Dear readers, how are you?

Yesterday (APRIL/07/2016), I spoke at UnG (Universidade de Guarulhos – Guarulhos University) about Introduction to Malware Analysis. Honestly, I had a great time, with many students and teachers attending the lecture. The certificate I received from UnG follows:

Once more, thank you to everybody from UnG for the generosity and kindness during my lecture.

I hope you have a nice day.

Alexandre Borges

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil)

Reversing: few words about a trivial code

(this short write up can be read in pdf format: https://alexandreborgesbrazil.files.wordpress.com/2016/01/reversing_few_words_about_a_trivial-code2.pdf)

Dear readers, how are you? During my classes and presentations, it is extremely common to hear students and professionals comparing different areas inside IT security, but honestly I think it is neither possible nor feasible to do this “mental exercise”. Yesterday, I received one of these messages and, in the middle of the e-mail, I could read that “doubtless, hacking (pentest) is more difficult than reverse engineering and malware analysis”. I am not sure it is possible to state that. As a very easy educational example, I sent the code below (I cleaned it a bit to make it clearer) to my student and asked him two things: a) What is the equivalent structure in C that the code represents? b) How does it work?

.text:004028BC mov [ebp+var_C], eax
.text:004028BF mov ecx, [ebp+var_10]
.text:004028C2 movsx edx, byte ptr [ecx]
.text:004028C5 mov [ebp+var_14], edx
.text:004028C8 mov eax, [ebp+var_14]
.text:004028CB sub eax, 64h
.text:004028CE mov [ebp+var_14], eax
.text:004028D1 cmp [ebp+var_14], 0Fh
.text:004028D5 ja short loc_402923
.text:004028D7 mov edx, [ebp+var_14]
.text:004028DA xor ecx, ecx
.text:004028DC mov cl, ds:byte_40293E[edx]
.text:004028E2 jmp ds:off_40292A[ecx*4] ; switch jump
.text:004028E9 ; ---------------------------------------------------------------------------
.text:004028E9 loc_4028E9: ; CODE XREF: sub_402884+5Ej
.text:004028E9 ; DATA XREF: .text:off_40292Ao
.text:004028E9 mov eax, [ebp+var_C]
.text:004028EC push eax ; char *
.text:004028ED call sub_401565
.text:004028F2 add esp, 4
.text:004028F5 jmp short loc_402923
.text:004028F7 ; ---------------------------------------------------------------------------
.text:004028F7 loc_4028F7: ; CODE XREF: sub_402884+5Ej
.text:004028F7 ; DATA XREF: .text:off_40292Ao
.text:004028F7 mov [ebp+var_4], 1
.text:004028FE jmp short loc_402923
.text:00402900 ; ---------------------------------------------------------------------------
.text:00402900 loc_402900: ; CODE XREF: sub_402884+5Ej
.text:00402900 mov ecx, [ebp+var_C]
.text:00402903 push ecx ; char *
.text:00402904 call sub_402813
.text:00402909 add esp, 4
.text:0040290C jmp short loc_402923
.text:0040290E ; ---------------------------------------------------------------------------
.text:0040290E loc_40290E:
.text:0040290E mov edx, [ebp+var_C]
.text:00402911 push edx ; char *
.text:00402912 call sub_402851
.text:00402917 add esp, 4
.text:0040291A mov eax, [ebp+arg_4]
.text:0040291D mov dword ptr [eax], 1
.text:00402923 loc_402923: ; jumptable 004028E2 default case
.text:00402923 mov eax, [ebp+var_4]
.text:00402926 mov esp, ebp
.text:00402928 pop ebp
.text:00402929 retn
.text:00402929 sub_402884 endp
.text:0040292A ; ---------------------------------------------------------------------------
.text:0040292A off_40292A dd offset loc_4028E9 ; DATA XREF: sub_402884+5Er
.text:0040292E dd offset loc_4028F7 ; jump table for switch statement
.text:00402932 dd offset loc_40290E
.text:00402936 dd offset loc_402900
.text:0040293A dd offset loc_402923
.text:0040293E byte_40293E db 0, 4, 4, 4 ; DATA XREF: sub_402884+58r
.text:00402942 db 4, 4, 4, 4 ; indirect table for switch statement
.text:00402946 db 4, 4, 1, 4
.text:0040294A db 4, 4, 2, 3
.text:0040294E

 

As I stated previously, the code above is trivial and, in a nutshell, although it was extracted from a malware sample, there is only reverse engineering here. A few comments follow:

  • The structure represented is a simple “switch/case” statement (IDA Pro identifies it easily and labels the indirect jump at 0x004028E2 as “switch jump”).
  • The value being switched on is a single byte: `movsx edx, byte ptr [ecx]` at 0x004028C2 sign-extends the char that var_10 points to, and `sub eax, 64h` at 0x004028CB subtracts 0x64 (100, which is ASCII ‘d’), the lowest case label. The result is stored in var_14 (there is no var_16 in this listing), and var_14 is the variable that selects the case: it is loaded into edx at 0x004028D7 and used as an index (more details below).
  • There are 16 possible cases: the comparison at 0x004028D1 is against 0x0F, which is 15 (not 16), and the `ja` at 0x004028D5 sends every value above 15 to the default label loc_402923, so only indexes 0 to 15 reach the tables. Because `ja` is an unsigned comparison, a char below ‘d’ (which makes the subtraction wrap around to a huge unsigned value) also goes to the default case. In other words, the cases cover the characters ‘d’ (index 0) through ‘s’ (index 15).
  • A jump table at 0x0040292A holds the addresses of the case bodies; each entry is a 4-byte pointer, which is why the final jump scales the index by 4 (ecx*4).
  • The byte table at 0x0040293E (IDA calls it the “indirect table”) has 16 entries but only five distinct values (0 to 4), so there are only five distinct targets. The instruction `mov cl, ds:byte_40293E[edx]` at 0x004028DC translates the 0 to 15 index into a jump-table slot. For example, if the index is 10 (0x0A, the character ‘n’), the byte table yields 1 (count the values at the 0x0040293E lines), and slot 1 of the jump table at 0x0040292A is loc_4028F7 (dd offset loc_4028F7). Likewise, index 0 (‘d’) selects loc_4028E9, index 14 (‘r’) selects loc_40290E, index 15 (‘s’) selects loc_402900, and every other index selects slot 4, loc_402923, the default case.
  • Thus the “switch jump” `jmp ds:off_40292A[ecx*4]` at 0x004028E2 finally transfers control to the address selected above (0x004028F7 for ‘n’).
  • Every case body ends by jumping to loc_402923 (the loc_40290E body simply falls through into it), which loads var_4 into eax and returns. Only the loc_4028F7 case sets var_4 to 1, and only the loc_40290E path writes 1 through the pointer in arg_4 after calling sub_402851.
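
To answer the two questions the listing was sent with, here is an added example in C (mine, not the post’s code and not code recovered from the malware): the switch that the compiler most plausibly started from, next to a second function that follows the listing instruction by instruction through the two tables, and a check that both behave identically on all 256 possible input bytes. The helper names sub_401565, sub_402813 and sub_402851 are taken from the listing; their bodies are not modelled (an assumption), only which one a given path would call. The character labels ‘d’, ‘n’, ‘r’ and ‘s’ follow from the `sub eax, 64h` (0x64 is ‘d’) combined with the byte table.

```c
#include <stdint.h>
#include <stdio.h>

/* The five jump-table slots of off_40292A. A slot number stands in for each
   address: 0 = loc_4028E9, 1 = loc_4028F7, 2 = loc_40290E, 3 = loc_402900,
   4 = loc_402923 (the default case). Values copied from the listing. */
enum target { T_4028E9 = 0, T_4028F7 = 1, T_40290E = 2, T_402900 = 3, T_402923 = 4 };

static const enum target off_40292A[5] = {
    T_4028E9, T_4028F7, T_40290E, T_402900, T_402923
};

/* byte_40293E: maps the 0..15 index (c - 'd') to a jump-table slot.
   Copied from the four "db" lines at 0x0040293E. */
static const uint8_t byte_40293E[16] = {
    0, 4, 4, 4,
    4, 4, 4, 4,
    4, 4, 1, 4,
    4, 4, 2, 3
};

/* Which jump-table slot the code at 0x4028C2..0x4028E2 reaches for one byte.
   Each line mirrors one instruction of the listing. */
int dispatch_target(unsigned char c)
{
    int32_t edx = (int8_t)c;                /* movsx edx, byte ptr [ecx]        */
    uint32_t idx = (uint32_t)(edx - 0x64);  /* sub eax, 64h  (0x64 == 'd')      */
    if (idx > 0x0F)                         /* cmp [ebp+var_14], 0Fh ; ja ...   */
        return T_402923;                    /* unsigned: chars below 'd' wrap and land here too */
    uint8_t cl = byte_40293E[idx];          /* mov cl, ds:byte_40293E[edx]      */
    return off_40292A[cl];                  /* jmp ds:off_40292A[ecx*4]         */
}

/* Which helper a path calls (0 = none). Assumption: the helpers are only
   identified, not modelled, since the listing does not show their bodies. */
enum helper { H_NONE = 0, H_401565, H_402813, H_402851 };

struct outcome {
    enum helper called;
    int retval;    /* [ebp+var_4], returned in eax at loc_402923 */
    int out_flag;  /* value written through [ebp+arg_4]          */
};

/* The C source the compiler most plausibly turned into the listing. */
struct outcome switch_version(const char *p)
{
    struct outcome o = { H_NONE, 0, 0 };
    switch (*p) {
    case 'd': o.called = H_401565; break;                 /* loc_4028E9 */
    case 'n': o.retval = 1; break;                        /* loc_4028F7 */
    case 's': o.called = H_402813; break;                 /* loc_402900 */
    case 'r': o.called = H_402851; o.out_flag = 1; break; /* loc_40290E, falls into loc_402923 */
    default:  break;                                      /* loc_402923 */
    }
    return o;
}

/* The same function driven by the compiler's two tables instead of case labels. */
struct outcome table_version(const char *p)
{
    struct outcome o = { H_NONE, 0, 0 };
    switch (dispatch_target((unsigned char)*p)) {
    case T_4028E9: o.called = H_401565; break;
    case T_4028F7: o.retval = 1; break;
    case T_402900: o.called = H_402813; break;
    case T_40290E: o.called = H_402851; o.out_flag = 1; break;
    default:       break;
    }
    return o;
}

/* 1 if both versions agree on every possible input byte, including chars
   below 'd' and bytes >= 0x80 (negative after movsx), 0 otherwise. */
int versions_agree(void)
{
    for (int c = 0; c < 256; c++) {
        char ch = (char)c;
        struct outcome a = switch_version(&ch);
        struct outcome b = table_version(&ch);
        if (a.called != b.called || a.retval != b.retval || a.out_flag != b.out_flag)
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *probe = "dnrsct";   /* constructed sample: the four labels plus two misses */
    for (const char *p = probe; *p; p++)
        printf("'%c' -> jump-table slot %d\n", *p, dispatch_target((unsigned char)*p));
    printf("switch and table versions agree on all 256 bytes: %s\n",
           versions_agree() ? "yes" : "no");
    return 0;
}
```

The point of `dispatch_target` is the unsigned `ja`: after `sub eax, 64h`, a byte below ‘d’ becomes a negative number, which the unsigned comparison treats as far larger than 0x0F, so it is routed to the default case without ever touching the byte table. That single instruction is what keeps the 16-entry table from being indexed out of bounds, and it is the detail to check whenever you meet this pattern in a sample.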

As I said previously, this is a very easy and basic construction, but most of the time when I am analyzing malware I see pieces of code like this. In fact, it is fair to say that malware analysis is much more difficult than a simple switch/case statement. Sure, I could explain several kinds of hooking, injection, hijacking and so on, but I chose this example to prove to my student that it is not possible to compare different areas before having better knowledge of both of them (by the way: my student wasn’t able to answer the questions at the beginning of this write-up).

Personally, my life is IT Security and I have a strong preference for malware analysis, so I am available to help you when necessary. I will be teaching a few courses this year (more at http://alexandreborges.org/my-courses/) and I hope to see you there.

Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and twitter: @ale_sp_brazil).

Speaking about IT Security at UNISA

Dear readers, what have you been doing? Continuing my project of talking about IT Security in universities, the certificate I received for my talk at UNISA follows below:

Once more, I am available to talk about IT Security (Hacking, Malware Detection, Malware Analysis, Digital Forensics and Software Exploitation) in universities and companies without charging any fee. If you are interested, send me an e-mail to alexandreborges [at] alexandreborges [dot] org.

I hope you have a nice week.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges and Twitter: @ale_sp_brazil).

Windows Malware and Memory Forensic Training with Volatility Developers

Hello readers, how are you? This week I am attending the Windows Malware and Memory Forensics Training with the Volatility developers (Michael Ligh, Jamie Levy and Andrew Case) in Reston (Virginia – USA). There is only one way to summarize the course: PERFECT! It is extremely organized and includes theory and many practical exercises. Furthermore, all explanations are clear, concise and very informative. Another bonus is that all exercises come with well-explained answers.

Is that all? No, it is not. The Volatility developers know everything about Windows Internals, Malware and Digital Forensics. Personally, Michael Ligh is one of the two most impressive and smartest guys I know (the other one is Michael Sikorski) and Jamie Levy is, certainly, the most intelligent girl (by far). Furthermore, Michael and Jamie are very humble, polite and lovely human beings. Certainly, it is only possible to say good things about them.

Some pictures follow below:

Figure 1:
Michael Ligh (one of the two most outstanding and intelligent professionals that I have ever met in my life) and I

Figure 2: Jamie Levy (the most intelligent girl in the world and a very lovely person) and I

Figure 3: Andrew Case and I during a happy hour

Honestly, I am having a perfect course during a perfect week.

I hope you have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges)

Meeting Michael Sikorski in NYC (SEP/2015)

Dear readers, how are you? Today I had an amazing and unforgettable day having lunch with Michael Sikorski in NYC. For people who do not know Michael, he is the author of the Practical Malware Analysis book and director of FLARE (FireEye Labs Advanced Reverse Engineering) at FireEye. I can certainly tell you that Michael is very polite, friendly and an extremely humble person, so different from other professionals I know who do not have (even close) the same knowledge. There are not enough good words to praise Michael. A picture with Michael in a restaurant follows below:

I’ve been learning from top minds such as Michael Sikorski so that I am able to share the knowledge. Honestly, I hope I am successful.

In this world, we meet few relevant and remarkable people. Michael is one of them.

Have a nice day.

Alexandre Borges.

(LinkedIn: http://www.linkedin.com/in/aleborges)