Malware Analysis 1

What to expect

This is a three day course that runs from 8:30a-5:00p. We will all sit together in one classroom. Each topic in the course will include lectures, quizzes, labs, and lab review. We will rinse and repeat this cadence throughout the full 3 days.
Technical Content Intermediate

Audience

  • Security Operations Center Staff
  • Reverse Engineers
  • Incident Responders
  • Software Engineers
  • System Administrators

Applicability

This course is designed to benefit students of any level. Whether you’re new to the field and want a high level overview of malware analysis, or you’re an experienced analyst in search of a refresher, we’ve got you covered. If you’re looking for more of a challenge, you may want to consider the Malware Analysis - Stage 2 course.

Objectives

  • Understand the structure of a PE header
  • Know how to use static analysis tools on executables
  • Know how to use dynamic analysis tools on executables
  • Trace program flow in an executable
  • Locate key sections of programs and label information to better understand purpose
  • Understand and write yara rules
  • Identify and analyze common malware techniques

Typical Agenda

Main Track

You will spend the first day participating in instructor directed lectures and labs covering the safe handling of malware and Windows Internals. The second day will include basic static and dynamic analysis and start on the basics of x86 assembly. The third day will finish x86 assembly, introduce yara, and go in-depth into various common malware techniques.

Setup

We will be providing a pre-built Windows virtual machine for this course. The link to download this virtual machine will be provided via email in the weeks leading up to the event. It’s highly recommended that you use VMWare Workstation (if you’re on a Windows machine) or VMWare Fusion (if you’re on a Mac).