Malware Analysis & Digital Investigations

This course takes you step by step, with plenty of hands-on practice, so you can learn malware analysis through quick and straightforward training.

Reserve your seat now and cancel for any reason for a 100% refund.*

Schedule:


June 13th, 14th, 15th, and 16th 11:00 AM – 06:00 PM UTC Timezone (4 days).

Syllabus


  • Intro
    • Watch First
    • Mastering Malware Analysis Book
    • Resources
  • Module 00 - Install Virtual Machine
    • Download The Virtual Machine
    • Installing VM in VirtualBox
    • Installing VM in VMWare
    • Copying Malware Samples To VM
    • Executing Commands inside the VM
  • Module 01 - APT Attacks and Malware Analysis Overview
    • 01 - Intro
    • 02 - History
    • 03 - APT Attacks
    • 04 - Malware Types
    • 05 - Analyzing Malicious Documents
    • 06 - Scenario 01 - FIN7 Spear-phishing Attack
    • Workbook & Labs
    • Quiz #1
  • Module 02 - Incident Response Process
    • 01 - Incident Discovery And Log Analysis P1
    • 02 - Incident Response And Log Analysis P2
    • 03 - Splunk
    • 04 - Packet Analysis
    • 05 - Packet Analysis Demo
    • Workbook & Labs
    • Quiz #2
  • Module 03 - Malware Analysis Process
    • 01 - Malware Analysis Process
    • 02 - How To Approach a Sample
    • 03 - Basic Static Analysis
    • 04 - Behavioral Analysis
    • 05 - Pony Malware - Tool Intro
    • 06 - Pony Malware - Basic Static Analysis
    • 07 - Pony Malware - Behavioral Analysis
    • Workbook & Labs
    • Quiz #
  • Module 04 - x86 Assembly & Code Analysis
    • C++ Intro 01 - Get Started with your first program
    • C++ Intro 02 - Memory And Variables
    • C++ Intro 03 - Conditional Commands
    • C++ Intro 04 - Loops
    • C++ Intro 05 - Functions
    • C++ Intro 06 - Communicate with the world
    • 01 - x86 Assembly And Memory
    • 02 - x86 Assembly Instructions
    • 03 - x86 Assembly To C
    • 04 - x86 Assembly Local Variables
    • 05 - Static Analysis Level 00
    • 06 - Static Analysis Level 01
    • 07 - Static Analysis Level 02
    • 08 - Static Analysis Level 03
    • 09 - Intro to Dynamic Analysis
    • 10 - Dynamic Analysis Level 03
    • 11 - Dynamic Analysis Level 04
    • 12 - Example From a Real Malware
    • Workbook & Labs
  • Module 05 - Windows Internals & Malware Analysis
    • 01 - Application Execution Process
    • 02 - APIs and DLLs
    • 03 - Tibet APT Attack Intro
    • 04 - Tibet Malware Analysis Part 1
    • 05 - Tibet Malware Analysis Part 2
    • 06 - Tibet Malware Analysis Part 3
    • 07 - Tibet Malware Analysis Part 4
    • 08 - Tibet Malware Analysis Part 5
    • 09 - Tibet Malware Analysis Part 6
    • Workbook & Labs
  • Module 06 - Encryption and Encoding
    • 01 - Encoding vs. Encryption
    • 02 - Tibet Malware DecryptFunc Demo
    • 03 - RC4 Algorithm Analysis P.1
    • 04 - RC4 Algorithm Analysis P.2
    • 05 - RSA Encryption Algorithms
    • 06 - Manual Unpacking
    • 07 - Manual Unpacking Demo P.1
    • 08 - Manual Packing Demo P.2
    • Workbook & Labs
    • Quiz #6
  • Module 07 - Process Injection & Anti-Reversing Techniques
    • 01 - Process Injection Intro
    • 02 - Process Injection How it Works
    • 03 - Process Injection Demo 01
    • 04 - Process Injection Demo 02
    • 05 - Process Injection Demo 03
    • 06 - Anti-Reversing Techniques 01
    • 07 - Anti-Reversing Techniques 02
    • 08 - Anti-Reversing Techniques 03
    • Workbook & Labs
  • Module 08 - Banking Trojans And API Hooking
    • 01 - Web injects
    • 02 - API Hooking
    • 03 - API Hooking Demo 01
    • 04 - API Hooking Demo 02
    • 05 - POS Malware In Brief
    • 06 - Dexter POS Malware Demo 01
    • 07 - Dexter POS Malware Demo 02
    • 09 - Digital And Memory Forensics
    • 10 - Memory Forensics Demo
    • Workbook & Labs
  • Module 09 - Exploits And Shellcode
    • 01 - Vulnerabilities and Exploits
    • 02 - Shellcode
    • 03 - Shellcode Analysis Demo 01
    • 04 - Shellcode Analysis Demo 02
    • 05 - Analyzing Malicious Documents
    • 06 - PDFStreamDumper Demo
    • 07 - Analyzing Malicious Documents 02
    • 08 - Analyzing Malicious Documents 03
    • Workbook & Labs
  • Module 10 - Kernel-Mode Rootkits
    • 01 - Windows Kernel Internals
    • 02 - Kernel-Mode Hooking
    • 03 - MRxNet - Stuxnet Rootkit
    • 04 - MRxNet - Stuxnet Rootkit 02
    • 05 - Process Injection From Kernel-Mode
    • 06 - winSRDF and Process Injection Demo
    • Workbook & Labs
  • Module 11 - Threat Intelligence & Machine Learning
    • 01 - Threat Intel Intro
    • 02 - Yara Signatures Demo 01
    • 03 - Yara Signatures Demo 02
    • 04 - Connecting The Dots
    • 05 - Machine Learning Intro
    • 06 - Machine Learning Step by Step
    • Workbook & Labs
  • Bonus: Malware Analysis Report Template
    • Download Report Template
  • Malware Analysis Real Scenarios
    • EMOTET - 01 - 1st Stage With Macro
    • EMOTET - 02 - 2nd Stage - Dropper
    • EMOTET - 03 - 3rd Stage
    • EMOTET - 04 - Main Malware
    • EMOTET - Samples & IDBs
    • EMOTET - Analysis Report
    • WANNACRY - Main Highlights
    • WANNACRY - Analysis Report
    • NOTPETYA - Main Highlights
    • NOTPETYA - Samples & IDBs
    • NOTPETYA - Analysis Report

Description:


Malware Analysis & Digital Investigations Training is hands-on training covering targeted attacks, fileless malware, and ransomware attacks, along with the techniques and strategies behind them and the best practices for responding to them.

You'll experience hands-on training with labs on performing malware analysis, memory forensics, and full attack investigations with different real-world samples. Course objectives are:

  • Understand the lifecycle of a targeted attack and the techniques attackers use to get into the target organization (spear-phishing, drive-by download).
  • Perform basic static & behavioral analysis of malware in an isolated and virtualized environment.
  • Understand the basics of the x86 assembly language.
  • Be able to determine malware functionality using IDA Pro and OllyDbg/x64dbg.
  • Be able to extract network and host-based IOCs.
  • Analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors.
  • Perform memory forensics on an infected machine and extract the malware artifacts from its memory.

WHO IS THIS TRAINING FOR?


This training is for:

  • SOC Analysts
  • DFIR Professionals
  • Malware Analysts
  • Security Researchers

who want to expand their threat-hunting skills, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks, and fileless attacks.

Pre-requisites


  • Basic Windows administration (Linux experience is preferred as well).
  • Good understanding of Windows protocols.

Course Author


Amr is a vulnerability researcher at Tenable and a former malware researcher at Symantec. He is the author of Mastering Malware Analysis, published by Packt Publishing. He has worked on analyzing multiple nation-state-sponsored attacks, including the NSA malware families (Stuxnet & Regin), North Korea (Contopee), and many other highly advanced attacks.

Amr has spoken at top security conferences worldwide, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

Training Highlights


The number of malware attacks is undoubtedly rising, targeting government, military, public and private sectors. These cyber-attacks target individuals or organizations to extract valuable information, gain money through a ransom or damage their reputation.

According to the FireEye Cyber Trendscape Report 2020, malware has become the top threat leading to data breaches, and a breach could cost up to €20 million in fines, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Small and mid-sized businesses are not far from the threat: 22% of small and mid-sized companies that experienced a ransomware attack ceased business operations immediately, and 55% of those that lost data became unprofitable within 30 days. With numbers like these, detecting and responding to malware attacks has become an essential skill for any response team.

What You Will Receive



  • The training videos will be provided for streaming through the CyberDefenders platform.
  • Mastering Malware Analysis ebook.
  • The training workbook for additional exercises and solutions.
  • A malware analysis virtual machine with over 100 different tools (works on VMware and VirtualBox).
  • All lab samples with their analysis.


System Requirements


  • Laptop with at least 8 GB of RAM and 60 GB of free hard disk space.
  • You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation (you can use the trial version).
  • Delegates must have full administrator access to the Windows operating system installed inside VMware Workstation/Fusion.
  • Delegates must have Microsoft Visual Studio or the GNU C++ compiler installed on their machine, along with their preferred code editor (Visual Studio or VS Code are preferred).

Note: VMware Player is not suitable for this training.

Group Discounts:


  • A discount of $150 per training applies to organizations registering 2-4 seats.
  • A discount of $200 per training applies to organizations registering 5 or more seats.

7-Day 100% Money-Back Guarantee


If you are not satisfied for ANY reason, simply request a refund and we will return your money. No questions asked!