Intro to Malware Behavioral Analysis (MA01)

"The instruction format (lecture/discussion followed by labs) was most beneficial. Also your delivery of other resources located on the web and, most important, the methodology behind or driving the lab. How to approach a lab or subject is just as needed as the tools. I know several times I can/have read a book/example but lack the 'how to' (methodology) to achieve the learning task/experience. Thanks!"

This hands-on course teaches tools and techniques for analyzing and reverse engineering malicious software, with an emphasis on quickly extracting IOCs (Indicators of Compromise). It covers how to stand up and configure an isolated environment for safe malware analysis, then concentrates on the tools and techniques of behavioral analysis. Learners apply what they learn to real-world malware samples, identifying the characteristic behaviors of bots, keyloggers, rootkits, worms, and other malware families.

PREREQUISITES

General knowledge of computer, networking, and operating system fundamentals. Some exposure to malware, assembly language, and programming is recommended.

OVERVIEW

  • Malware Analysis Overview
  • Behavioral Malware Analysis
  • Basic Static Analysis
  • Basic Dynamic Analysis

Topics Covered

  • File Formats
  • PE Format structure and sections
  • Functions
  • Dynamic Link Libraries
  • Virtualization Usage
  • Virtualization Detection by Malware
  • Threads
  • Handles
  • Process Trees
  • Dependency Tracing
  • Registry Modification
  • File System Manipulation
  • Network Traffic Analysis
  • Sandboxes
  • Context Triggered Piecewise Hashing (CTPH, also called fuzzy hashing)
  • Malware Analysis Goals
  • Indicators of Compromise
  • Malware Signatures
  • Static and Dynamic Analysis
  • Malware Categories
  • Mass vs Targeted Malware
  • Advanced Persistent Threat (APT)
  • Malware Analysis Methodology
  • Antimalware Tools
  • Malware Attributes
  • Hashing Fundamentals
  • Strings and character encoding
  • Packed and Obfuscated Malware
  • Linked Libraries and Functions
  • DLL Hijacking
  • Magic Numbers (file-type signatures)
  • Import Hashing
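As an added example for this outline (not course material from the page or its vendor), the script below does the kind of basic static triage the topics above describe: it checks the MZ/PE magic numbers, walks the section table, hashes the file, flags packing indicators from section entropy and characteristics, pulls ASCII and UTF-16LE strings, and computes an import hash the way the common imphash does (lowercased dll.function pairs joined with commas, then MD5). The PE image it parses is constructed inside the script, the import list is a hard-coded assumption rather than the result of walking an import directory, and the URL and registry path embedded in the sample are made up for illustration.

```python
"""Basic static triage of a PE file: magic check, section table, hashes,
entropy, strings and import hashing.  Added example written for this page;
the PE image it parses is constructed inline and is not a real sample."""
import hashlib
import math
import re
import struct
from collections import Counter


def build_sample_pe():
    """Constructed minimal PE32 image (assumption: not a real binary): DOS header,
    PE signature, COFF header, PE32 optional header, two sections and their data."""
    dos = bytearray(0x40)
    dos[0:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x40)            # e_lfanew: PE header right after DOS header
    opt = bytearray(0xE0)                               # PE32 optional header is 224 bytes
    struct.pack_into('<H', opt, 0, 0x10B)               # PE32 magic
    struct.pack_into('<I', opt, 16, 0x1000)             # AddressOfEntryPoint (RVA inside .text)
    struct.pack_into('<I', opt, 28, 0x400000)           # ImageBase
    coff = struct.pack('<HHIIIHH', 0x14C, 2, 0, 0, 0, len(opt), 0x0102)  # i386, 2 sections
    text_raw = b'\x55\x8b\xec' + b'\x90' * 0x1FD        # push ebp; mov ebp,esp; NOP filler
    data_raw = (b'http://beacon.example.invalid/gate.php\0'                  # constructed C2 URL
                + b'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\0\0'   # persistence key
                + 'C:\\Users\\Public\\svc.exe'.encode('utf-16le') + b'\0\0'  # wide string
                ).ljust(0x200, b'\0')

    def section(name, vaddr, raw_ptr, raw, chars):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, reloc/linenum pointers and counts, Characteristics
        return name.ljust(8, b'\0') + struct.pack('<IIIIIIHHI', len(raw), vaddr, len(raw),
                                                  raw_ptr, 0, 0, 0, 0, chars)

    headers = bytes(dos) + b'PE\0\0' + coff + bytes(opt)
    headers += section(b'.text', 0x1000, 0x200, text_raw, 0x60000020)  # CODE|EXECUTE|READ
    headers += section(b'.data', 0x2000, 0x400, data_raw, 0xC0000040)  # INITIALIZED|READ|WRITE
    return headers.ljust(0x200, b'\0') + text_raw + data_raw


def entropy(buf):
    """Shannon entropy in bits per byte (0.0 .. 8.0); ~7+ suggests packed/encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Validate the MZ/PE magic numbers and return header fields, hashes and section info."""
    if data[:2] != b'MZ':
        raise ValueError('missing MZ magic: not a DOS/PE executable')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature at e_lfanew')
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from('<HHIIIHH', data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                   # optional header follows COFF header
    entry = struct.unpack_from('<I', data, opt_off + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt_off + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b'\0').decode('ascii', 'replace')
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from('<IIII', data, off + 8)
        chars = struct.unpack_from('<I', data, off + 36)[0]
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({'name': name, 'vaddr': vaddr, 'vsize': vsize, 'raw_size': raw_size,
                         'entropy': entropy(raw), 'executable': bool(chars & 0x20000000),
                         'writable': bool(chars & 0x80000000)})
    return {'machine': machine, 'timestamp': timestamp, 'entry_rva': entry, 'sections': sections,
            'md5': hashlib.md5(data).hexdigest(), 'sha256': hashlib.sha256(data).hexdigest()}


def section_for_rva(info, rva):
    """Name of the section containing an RVA (e.g. the entry point), or None."""
    for s in info['sections']:
        if s['vaddr'] <= rva < s['vaddr'] + max(s['vsize'], s['raw_size']):
            return s['name']
    return None


def packing_indicators(info):
    """Cheap heuristics for packed/obfuscated samples; empty list means nothing flagged."""
    hits = []
    for s in info['sections']:
        if s['entropy'] > 7.0:
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed/encrypted data?)")
        if s['executable'] and s['writable']:
            hits.append(f"{s['name']}: writable and executable (self-modifying unpack stub?)")
        if s['raw_size'] == 0 and s['vsize'] > 0:
            hits.append(f"{s['name']}: no raw data but {s['vsize']:#x} bytes virtual (filled at runtime?)")
    return hits


def extract_strings(data, min_len=6):
    """ASCII strings plus UTF-16LE (wide) strings, which a plain ASCII scan misses."""
    ascii_hits = [m.decode('ascii') for m in re.findall(rb'[\x20-\x7e]{%d,}' % min_len, data)]
    wide_hits = [m.decode('utf-16le') for m in re.findall(rb'(?:[\x20-\x7e]\x00){%d,}' % min_len, data)]
    return ascii_hits + wide_hits


def imphash(imports):
    """Import hash over (dll, function) pairs: lowercase, strip .dll/.ocx/.sys, join 'dll.func'
    with commas in import-table order, MD5.  Ordinal-only imports are not resolved here."""
    parts = []
    for dll, func in imports:
        d = dll.lower()
        for ext in ('.dll', '.ocx', '.sys'):
            if d.endswith(ext):
                d = d[:-len(ext)]
                break
        parts.append(f'{d}.{func.lower()}')
    return hashlib.md5(','.join(parts).encode()).hexdigest()


if __name__ == '__main__':
    sample = build_sample_pe()
    info = parse_pe(sample)
    print(f"machine={info['machine']:#x} entry_rva={info['entry_rva']:#x} "
          f"in {section_for_rva(info, info['entry_rva'])}  sha256={info['sha256']}")
    for s in info['sections']:
        print(f"  {s['name']:<8} rva={s['vaddr']:#07x} raw={s['raw_size']:#06x} entropy={s['entropy']:.2f}")
    print('packing indicators:', packing_indicators(info) or 'none')
    print('strings:', extract_strings(sample))
    # Assumed import list; a real tool reads it from the import directory (e.g. with pefile).
    print('imphash:', imphash([('KERNEL32.dll', 'CreateFileA'), ('WININET.dll', 'InternetOpenA')]))
```

Two caveats a practitioner should keep in mind: the import hash is only as good as the import table, so a packed sample typically shows a tiny stub import list and an imphash that matches the packer rather than the payload; and the entropy thresholds above are triage hints, not verdicts, since legitimately compressed resources also score high.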

SOFTWARE AND TOOLS USED (not an exhaustive list)

  • Dependency Walker
  • PEview
  • PEiD
  • OllyDbg
  • Notepad++
  • Hex Editors
  • Multiple Windows Sysinternals tools
  • WinMD5
  • HashCalc
  • Wireshark
  • ncat
  • FakeNet
  • ApateDNS
  • Regshot

COURSE DURATION

3 days or 5 nights

Continuing Education Credits

21

Locations


Our public courses are offered less than 20 minutes from downtown St. Louis at our partner, TechGuard Security's office, located outside of Scott Air Force Base.

703 Seibert Rd, Suite 2
Scott Air Force Base, Illinois 62225

We also offer private onsite courses at your location. We love to travel and will gladly send a trainer to you. Please Contact Us for more information.

FORMAT

Live, instructor-led training with a dynamic trainer who is a working cyber security professional. Instructors have real-world experience with the material covered in the course.

SCHEDULE

  • November 7-9, 2017, 8:30am - 4:30pm

DISCOUNTS

We offer course discounts for multiple enrollments. Please Contact Us for more information.

Register