{"id":549,"date":"2024-06-20T21:14:20","date_gmt":"2024-06-20T21:14:20","guid":{"rendered":"https:\/\/www.pedrof.com\/blog\/?p=549"},"modified":"2026-03-03T01:19:48","modified_gmt":"2026-03-03T01:19:48","slug":"workshop-reverse-engineering-de-scripts-maliciosos-em-windows","status":"publish","type":"post","link":"https:\/\/www.pedrof.com\/blog\/pt\/2024\/workshop-reverse-engineering-de-scripts-maliciosos-em-windows\/","title":{"rendered":"Workshop &#8211; Reverse Engineering of Malicious Scripts on Windows"},
"content":{"rendered":"\n<p>Today, as part of the <a href=\"https:\/\/www.c-days.cncs.gov.pt\/\" data-type=\"link\" data-id=\"https:\/\/www.c-days.cncs.gov.pt\/\">C-Days<\/a> conference, I took part in a very interesting workshop on malware reverse engineering, presented by a member of <a href=\"https:\/\/www.cncs.gov.pt\/pt\/certpt\/\" data-type=\"link\" data-id=\"https:\/\/www.cncs.gov.pt\/pt\/certpt\/\">CERT.PT<\/a> (<em>Computer Emergency Response Team<\/em>), which is part of the <a href=\"https:\/\/www.cncs.gov.pt\/\">Centro Nacional de Ciberseguran\u00e7a<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS and PowerShell. Aimed at cybersecurity practitioners, it ranges from static and behavioural analysis to manual deobfuscation techniques using Python. The goal is to enable participants to identify and analyse these threats and collect IoCs from them, so that they can mitigate one of the most common types of malware used as an entry vector to compromise organisations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Contents<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Static string analysis with strings, pestr and FLOSS<\/li>\n\n\n\n<li>Execute and deobfuscate JavaScript using SpiderMonkey<\/li>\n\n\n\n<li>PowerShell deobfuscation and debugging with CyberChef and PS IDE<\/li>\n\n\n\n<li>Capturing malware events by tracing AMSI<\/li>\n\n\n\n<li>Layout and data deobfuscation using Python<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/www.pedrof.com\/files\/C-Days_2024_Workshop_Reverse_Engineering.pdf\" data-type=\"link\" data-id=\"https:\/\/www.pedrof.com\/files\/C-Days_2024_Workshop_Reverse_Engineering.pdf\">Certificate of attendance<\/a>.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Today, as part of the C-Days conference, I took part in a very interesting workshop on malware reverse engineering, presented by a member of CERT.PT (Computer Emergency Response Team), which is part of the Centro Nacional de Ciberseguran\u00e7a. Description This workshop offers a hands-on approach to reverse engineering malicious scripts on Windows systems, covering JavaScript, VBS and PowerShell.&hellip; <a class=\"more-link\" href=\"https:\/\/www.pedrof.com\/blog\/pt\/2024\/workshop-reverse-engineering-de-scripts-maliciosos-em-windows\/\">Continue reading <span class=\"screen-reader-text\">Workshop &#8211; Reverse Engineering of Malicious Scripts on Windows<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":793,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[100],"tags":[218,240,192,282,151],"class_list":["post-549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-formacao","tag-c-days-pt","tag-cncs-pt","tag-cert-pt","tag-certificado","tag-ciberseguranca","entry"],"_links":{"self":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/posts\/549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/comments?post=549"}],"version-history":[{"count":9,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/posts\/549\/revisions"}],"predecessor-version":[{"id":788,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/posts\/549\/revisions\/788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/media\/793"}],"wp:attachment":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/media?parent=549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/categories?post=549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/tags?post=549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}