Hands-on Malware Analysis & Reverse Engineering
June 13 - 16, 2022 (4 days)
The hands-on training that teaches students how to analyze and contain APT attacks, ransomware and spear-phishing attacks.
HANDS-ON TRAINING
Hands-on Malware Analysis & Reverse Engineering Training is a hands-on training that covers targeted attacks, Fileless malware, and ransomware attacks with their techniques, strategies and the best practices to respond to them.
You'll experience hands-on training with labs on performing malware analysis, memory forensics, and full attack investigations with different real-world samples.
WHO IS THIS TRAINING FOR?
This training is for Security Professionals who want to expand their skills or beginners and newcomers to the malware incident response wanting to learn Malware Analysis, Reverse Engineering and Memory Forensics.
- Cyber Security Professionals
- Cyber Security Investigators
- Incident Responders
- Threat Hunters
- Forensics Practitioners
- SOC Analysts
Testimonials & Endorsements
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
"ONE OF THE BEST COURSES I EVER HAD"
"I have finished the Malware Analyst Mindset Program with full satisfaction. He did a fantastic job with more than 60 hours of hands-on and practice which makes it one of the rare courses out there. Let me say: One OF THE BEST Courses I EVER HAD"
- Yazeed Alabbad, Managed Cybersecurity Services ManagerE
"Clear example of operators that are experts in the field"
"We've worked with hundreds of security professionals and businesses over the years, and MalTrak are a clear example of operators that are experts in the field. With SUBSTANTIALLY deeper experience in malware/ransomware than just about any other organisation on the planet, they're who we go to for expert analysis and commentary on any new (or old) malware threats"
- Cameron Perry, COO of KBI.Media
"I CAN FINALLY ANALYZE, UNDERSTAND & CONTROL THE MALWARE"
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it"
- Fung Dao Ying, System Analyst in Bintulu
The strategies, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
WHAT'S IN THE TRAINING?
DAY 1
APT Attacks & Malware Analysis
- What is an APT Attack?
- What are the Attack Stages? And what’s MITTRE ATTACK?
- The incident response process for malware attacks
- Examples of real-world APT attacks
- The APT Attack Vectors
- Types of Malware
- Malware Analysis Process
- Walkthrough the setting up of the isolated lab environment
Basic Static Analysis
- Questions that basic static analysis helps you to answer
- Investigating the malware decrypted strings
- Investigating the malware headers (PE)
- Understand malware functionality through imported windows commands (APIs)
- Detecting packed and encrypted malware & unpack them automatically
- Hands-on lab exercise involves analyzing real malware samples
Behavioral Analysis & Sandboxing
- Questions that behavioral analysis helps you to answer
- Understanding Behavioral Analysis tools & techniques
- Deep dive into network forensics for investigating malware network activity
- Monitoring process, file system and registry activity
- Determining the malware indicators of compromise (IoCs)
- Hands-on lab exercise involves analyzing real malware sample
Spear-phishing Attacks with Malicious Documents:
- Examining a malicious office document
- Reversing a VBA Macro code
- Dealing with VBA Obfuscation and VBA Stomping
- Hands-on labs to examine documents packed with malicious macros (real attacks)
DAY 2
Intro To x86/x64 Assembly
- Understanding CPU registers and assembly instructions
- Dive deeper in the assembly language and memory handling
- Reversing assembly code blocks into a higher-level language (C++)
- Dealing with local & global variables
Static & Dynamic Code Analysis In-Depth
- Basics of IDA Pro
- Demo: Hands-on labs for static code analysis (Hands-on).
- Basics of Ollydbg/x64dbg
- Demo: Hands-on labs for dynamic code analysis (Hands-on)
- Investigating the windows commands calls (API calls)
- What to look for while performing code analysis
- Hands-on analysis of a real malware sample
Brief Intro to Code Analysis & Malware Functionalities:
- Intro to code analysis: How to start your code analysis
- Droppers & Downloaders
- Maintaining Persistence
- Keylogging
- Banking Trojans & Man in The Browser (MiTB)
- Understanding Indicators of Compromise (IoCs)
- Write your own YARA rule
Unpacking Packed Samples
- Unpacking malware using generic unpackers
- Manually unpacking a malware using memory breakpoint on execution
- Dealing with anti-reverse engineering techniques
DAY 3
Dealing with Encryption
- Understand & reverse with basic encryption algorithms
- Deal with complex encryption algorithms including RC4, AES, and Public key encryption
- Uncover encrypted strings, windows commands (APIs), and domains
- Hands-on analysis of a packed malware sample
Ransomware by Example (Hands-on Real-world Scenario)
- Basic analysis of the ransomware
- Code analysis of the ransomware functionality
- Understanding its files' encryption algorithm
- Determine the possibility of decrypting the files & retrieving the key
DAY 4
Advanced Techniques: Fileless Malware & API Hooking
- Understanding Process Internals
- Process & Thread Environment Block Structure
- Detect & investigate code injection
- Remote DLL & shellcode injection
- Process Hollowing (Stuxnet Technique)
- API Hooking & IAT Hooking
- Hands-on lab exercise involves investigating malware memory image
Investigation Process Memory Using Volatility
- Memory Forensics Overview & memory acquisition techniques
- Introduction to Volatility & Basic Commands
- Identifying suspicious process through processes lists & trees
- Detecting injected Shellcode & DLLs using Volatility
- Identify malicious strings, webinjects and more information from the memory dump
- Dumping malicious processes, DLLs and injected code from memory for further investigation
- Hands-on lab exercise involves investigating an APT attack (Win 10 machine)
Intro to Threat Hunting
- What's Threat hunting & why threat hunting
- Types of Threat hunting
- How to perform threat hunting
- Practical example on Endpoint threat hunting using sysmon
YOUR INSTRUCTOR
Amr Thabet
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience, he worked in some of the Fortune 500 companies including Symantec, Tenable, and others.
He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals all around the world to build their expertise in malware analysis, threat hunting, red teaming. and most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
The strategies, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
ALL OUR LIVE TRAINING SCHEDULE
LOOKING FOR GROUP TRAINING?
We offer group training discounts for both our live training and on-demand sessions organisations. To discuss your specific requirements, book a time to speak with one of our consultants to discuss your options.
NOT YET READY YET?
You can check out our resources that will show you exactly the quality and support you can expect from our Master's Program and our Training programs, and see why MalTrak students are in such high demand
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
Watch Our On-Demand Webinars
The Most Demanded Cybersecurity Skills in 2023
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
Enroll In Our Entry-Level Courses
Kickstart Your Cybersecurity Career
This training will give you the fundamental skills and the roadmap you need to build a successful career in cybersecurity.
STILL GOT QUESTIONS? WE GOT YOU!
Frequently Asked Questions
WHAT ARE THE TRAINING PREREQUISITES?
- Good IT Administration Background especially in Windows (Linux preferred)
- Good Cybersecurity & Network protocols background
- C++ Programming Background (Only in the Advanced Red Teaming Training)
WHAT HARDWARE/SOFTWARE IS REQUIRED?
- Laptop with minimum 8GB RAM and 60GB free hard disk space
- VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation.
- Delegates have Microsoft Visual Studio or GNU C++ Compiler installed on their machine and their preferred Code Editor (Visual Studio or VS Code are preferred)