Malware analysis

This one-day course covers basic techniques, tools and approaches used for identification and analysis of different types of malicious code and discovery of its main functions. It teaches the skills necessary for basic analysis of suspicious files and processes in the context of everyday security operations as well as during incident investigation and response.

The course is highly practical in nature and gives trainees a chance to try out a multitude of different tools and techniques during analysis of different types of real-world malware - from static analysis of VBS scripts and Office documents to dynamic analysis of EXE files.

Our Reverse engineering and intermediate malware analysis course is available as an extension to this training.


Contents

  1. Malware classification and different techniques and vectors of infection
  2. Sample triage and analysis of potentially infected machines
    • Detection of active and dormant malicious code
    • Common persistence techniques
    • Fileless malware and its detection
    • Threat hunting of malicious code
  3. Basic approach to analysis of malicious samples
    • Identification and use of IoCs
    • Different techniques for deobfuscation of malicious code
    • Static and dynamic analysis benefits and drawbacks
  4. Most common malicious file types and tools and procedures for their static and/or dynamic analysis
    • Archives and images
    • Office documents
    • PDFs
    • LNK files
    • Scripts
    • PE files
    • …

The course is aimed at

  • Senior Security Operations Center (SOC) analysts
  • Computer Security Incident Response Team (CSIRT) operators
  • Security specialists who deal with potentially malicious files on a daily basis
  • Anyone who wants to learn the basics of malware analysis

Prerequisites

  • User-level experience with Windows
  • User-level experience with Linux
  • Experience with programming/scripting
  • Familiarity with most common networking protocols (TCP, UDP, IP, ICMP, DNS, HTTP, etc.)
  • Familiarity with common security technologies (IDS/IPS, EDR, antivirus, etc.)

Additional requirements

A properly configured laptop with an installed hypervisor capable of creating “snapshots” of virtual machines is required to participate in an online version of the course. The laptop has to be able to allocate 2 vCPUs, 8 GB RAM and 100 GB of storage space to a virtual machine, which will be used during the training. A virtual machine, based on the Windows 10 operating system, has to be individually prepared by each participant according to provided instructions before the start of the course.

Materials

Trainees will receive an electronic version of the study materials.

Duration

1 day

Currently available training dates

  Date          Location   Language   Price (before VAT)
  30. 9. 2024   Prague     Czech      19 500 CZK

If the currently available dates don’t suit you, or if you are interested in a private run of the training for your organization, don’t hesitate to contact us.