Malware Analysis 2

What to expect

This is a three day course that runs from 8:30a-5:00p. We will all sit together in one classroom.
Technical Content Advanced

Audience

  • Security Operations Center Staff
  • Reverse Engineers
  • Incident Responders
  • Software Engineers
  • System Administrators

Applicability

This course is designed to benefit students who already have some level of exposure to malware analysis and want to improve their skillset further. We would recommend taking our Malware Analysis - Stage 1 prior to taking this course.

Objectives

  • Know how to use dynamic analysis tools on executables
  • Know how to efficiently use a disassembler and decompilation for analysis
  • Trace program flow in an executable
  • Locate key sections of programs and label information to better understand purpose
  • Modify executables in-memory to alter behavior
  • Create indicators of compromise based on key code blocks
  • Identify and analyze advanced obfuscation methods used by malware
  • Identify and analyze malware written in modern languages such as Rust and Golang
  • Understand and defeat anti-analysis techniques

Typical Agenda

Advanced Track

For malware analysts or those who have already taken a course on malware analysis. Those who choose this track should have a strong knowledge of Windows internals and be comfortable working with binaries in a debugger. We will spend 3 days delving into more advanced malware analysis methods such as unpacking, kernel callbacks, defeating anti-analysis, patching, analyzing malware written in modern languages such as Rust/Golang, malware family tracking, and more.

Setup

We will be providing a pre-built Windows virtual machine for this course. The link to download this virtual machine will be provided via email in the weeks leading up to the event. It’s highly recommended that you use VMWare Workstation (if you’re on a Windows machine) or VMWare Fusion (if you’re on a Mac).