Intro to Malware Code Analysis Training (MA02)
Cost
$1,495
Continuing Education Credits
21 Hours
Duration
3 Days
Includes
- Expert Trainers with Real-World Experience
- Available Live Online or Live In-Person
- Outstanding Reviews
Description
This hands-on course focuses on the tools and techniques used to analyze and reverse engineer malicious software at the code level, with an emphasis on quickly discovering IOCs (Indicators of Compromise). The course includes the steps needed to stand up and configure an environment for safe malware analysis. It covers an introduction to x86 Assembly Language, Disassemblers, and Debuggers, followed by Reverse Code Engineering (RCE) techniques for both static and dynamic analysis. Learners apply these techniques to real-world malware samples, identifying the common characteristics of bots, keyloggers, rootkits, worms, etc.
- Malware Code Analysis Overview
- Reverse Code Engineering (RCE)
- Manual (Static) Code Reversing
- Dynamic Code Reversing
Prerequisites
- MA01 – Intro to Malware Behavioral Analysis
- General knowledge of computer, networking, and operating system fundamentals.
- Exposure to malware, assembly language, disassemblers, debuggers, and programming recommended.
No Exam Details for this course
TOPICS COVERED
- Dependency Tracing
- Registry Modification
- File System Manipulation
- Network Traffic Analysis
- Sandboxes
- Context Triggered Piecewise Hashing (Fuzzy Hashing)
- Mutexes
- x86 and x64 Architecture
- Assembly Language
- Machine Code / Opcode
- Disassemblers
- Debuggers
- Interpreted Languages
- Stack vs Heap
- Registers and Flags
- Branching
- Windows API
- Hardware and Software Breakpoints
- Networking APIs
- Malware Analysis Goals
- Indicators of Compromise
- Malware Signatures
- Static and Dynamic Analysis
- Malware Categories
- Mass vs Targeted Malware
- Advanced Persistent Threat (APT)
- Malware Analysis Methodology
- Anti-Malware Tools
- Malware Attributes
- Hashing Fundamentals
- Strings and Character Encoding
- Packed and Obfuscated Malware
- Linked Libraries and Functions
- DLL Hijacking
- Import Hashing
- PE Format Structure and Sections
- Libraries and Functions
- Virtualization Detection by Malware
- Threads, Processes, Handles
SOFTWARE AND TOOLS USED (NOT EXHAUSTIVE)
- Multiple Windows Sysinternals tools
- OllyDbg
- Notepad++
- Hex Editors
- WinDbg
- IDA
- HashCalc
- Wireshark
- ncat
- Regshot
- PEview
- PEiD