SECRET ACNO Skill 12: Malware Analysis 8: Reverse Engineering Knowledge of: Relevant Operating Systems. Current trends in attack vectors ti targeted applications protocols services. tvlalware bootstraping, persistence, communication protocols and propagation techniques. Exploitation techniques (stack heap overflows, XSS, SQL Injection, etc). Personal Security Products (Anti-Virus, HIDS, etc). Public and 5-eyes malware analysis tools. File formats and content verification tools. anti-debugging anti-emulation techniques. Ability to: Identify malicious code. Analyse and understand captured malware. Identify and construct signatures heuristics for detection. Reverse engineer malware. Use IDA Pro to statically uncover and annotate functionality. Determine sophistication level of malware. Apply malware discovery tools and techniques. Develop malware discovery analysis tools. Provide mitigation advice. LevelO Understands basic concept of malware identification and analysis but does not yet have the breadth of knowledge needed to apply this skill in an operational context. Has basic understanding of attack vectors and impact of an infection. Level1 Has knowledge of open-source and commercial SRE tools and techniques. Can determine basic functionality of malware using these tools, but requires technical guidance to go further. Level2 Has detailed knowledge of internal and 5-eyes analysis tools, and how they operate. Works unsupervised to high-level task de?nitions. Develops discovery and analysis tools to enhance capability. Can determine main functionality of malware through static analysis SRE). Level3 Provides technical direction and guidance to colleagues. Considered a known point of reference in the field. Contributes to key architectural design decisions when developing new capability. Displays advanced SRE skills, and uses experience to provide accurate sophistication 8f. impact assessments. Level4 Considered an expert in the field ofmalware analysis, and a point of reference throughout the intelligence community and possibly industry. Consistently delivers, and leads the development of groundbreaking capability. Speaks at conferences and ?Iof2 .- SECRET SECRET delivers specialised training in the ?eld. Has a wealth of experience relating to malware trends at evclving techniques. 20f2 SECRET