Ransomware remains one of the most prevalent and destructive forms of malware today. Understanding its inner workings is crucial for defenders and incident responders alike. This workshop will offer a deep dive into reverse engineering ransomware, focusing on practical methods for unpacking and analyzing malicious code.

The Reverse Engineering Ransomware: A Hands-on Workshop is designed to provide attendees with practical experience in analyzing a simulated ransomware sample. The workshop will begin with an introduction to ransomware and an overview of tools such as Ghidra, OllyDbg, x64dbg, Process Monitor, and Wireshark. Attendees will then engage in static analysis using Ghidra to examine the ransomware binary, followed by dynamic analysis in a safe virtual machine environment, where they will observe the malware’s behavior using debugging tools and monitoring software. The session will also cover extracting Indicators of Compromise (IOCs) and documenting the findings in a report.

Throughout the workshop, attendees will be guided step-by-step, with time for questions, hands-on practice, and discussion. The workshop concludes with a Q&A session and provides additional resources and a whitepaper for continued learning.

Note: A simulated ransomware sample will be provided at the start of the workshop. Attendees are encouraged to bring a laptop with at least 16GB of RAM and a pre-configured VM environment to fully participate in the hands-on analysis.