Malware Analysis 2

What to expect

This is a three-day course introducing students to advanced malware analysis. Each topic in the course will include lectures, labs, and lab review. We will rinse and repeat this cadence throughout the full 3 days.
Technical Content ◆◆◇ advanced

Audience

  • Security Operations Center Staff
  • Reverse Engineers
  • Incident Responders
  • Software Engineers
  • System Administrators

Applicability

This course is designed to benefit students who have already had some level of exposure to malware analysis and want to improve their skillset. We would recommend taking our Malware Analysis - Stage 1 prior to taking this course if you have never done any binary analysis.

Objectives

  • Proficiently analyze real-world malicious binaries using disassemblers, decompilers, and dynamic analysis tools
  • Modify executables in-memory to alter behavior
  • Explore bleeding-edge behavioral analysis techniques such as time-travel debugging
  • Identify and analyze advanced obfuscation methods used by malware
  • Understand and defeat anti-analysis techniques
  • Leverage frontier models and agentic tool calling to reverse engineer malware

Typical Agenda

Advanced Track

For malware analysts or those who have already taken a course on malware analysis or have had extended exposure to binary analysis. Those who choose this track should have a strong knowledge of operating system internals and be comfortable working with binaries in a debugger or disassembler. We will spend 3 days delving into advanced malware analysis methods such as unpacking, defeating anti-analysis, analyzing malware written in modern languages, AI-assisted reverse engineering, and more.

Setup

We will be providing a pre-built Windows virtual machine for this course. The link to download this virtual machine will be provided via email in the weeks leading up to the event. It’s highly recommended that you use VMware Workstation (if you’re on a Windows machine) or VMware Fusion (if you’re on a Mac).