Malware Analysis 1

What to expect

This is a three-day course that runs from 8:30am to 5:00pm. We will all sit together in one classroom. Each topic in the course will include lectures, quizzes, labs, and lab review. We will rinse and repeat this cadence throughout the full three days.

Technical Content: Intermediate

Audience

  • Security Operations Center Staff
  • Reverse Engineers
  • Incident Responders
  • Software Engineers
  • System Administrators

Applicability

This course is designed to benefit students of any level. Whether you're new to the field and want a high-level overview of malware analysis, or you're an experienced analyst in search of a refresher, we've got you covered. If you're looking for more of a challenge, you may want to consider the Malware Analysis - Stage 2 course.

Objectives

  • Understand the structure of a PE header
  • Know how binary executables are loaded into memory and executed
  • Know how to use static analysis tools on executables
  • Know how to use dynamic analysis tools on executables
  • Trace program flow in an executable
  • Locate key sections of programs and label information to better understand purpose
  • Understand and write YARA rules
  • Identify and analyze common malware techniques

Typical Agenda

Main Track

You will spend the first day participating in instructor-directed lectures and labs covering the safe handling of malware and Windows internals. The second day will cover basic static and dynamic analysis and start on the basics of x86 assembly. The third day will finish x86 assembly, introduce YARA, and go in depth into various common malware techniques.

Setup

We recommend you begin configuring your VM early, allowing time for things to go wrong. We strongly recommend that you use VMware Workstation Pro (Windows and Linux) or VMware Fusion (OS X). You can try it out for 30 days for free, though you'll likely want a license if you're going to be analyzing malware regularly. VMware Workstation Player will not suffice for our purposes, because the labs depend on creating and reverting snapshots, and Workstation Player does not provide this ability. Students have successfully used VirtualBox in the past as well, but the instructors will not be prepared to troubleshoot issues outside of the recommended platform.