This is a practical malware analysis training full of hands-on labs and exercises to help you analyze and contain malware attacks and targeted ransomware attacks.
With the rise of APT attacks, ransomware, and spear-phishing attacks, there is a huge need for malware analysis skills to analyze, investigate and contain such attacks.
This training is for security professionals who want to expand their skills in red teaming, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks and fileless attacks.
Learning the strategies, tactics and techniques to respond to malware and ransomware attacks
Gain the ability to perform in-depth malware analysis to extract the IoCs, understand the malware's capabilities and disrupt its communication with the attacker
Gain the ability to perform digital and memory forensics investigations, set a containment plan and answer the most critical questions from higher management in a concise, professional manner.
Understanding the advanced persistent threats.
The attacker's tactics, techniques & procedures (MITRE ATT&CK)
The Incident Response Process for malware attacks
The APT Attack Vectors
Types of Malware
Malware analysis process
Walkthrough of setting up the isolated lab environment
Questions that basic static analysis helps you to answer
Investigating the malware decrypted strings
Investigating the malware headers (PE)
Understand malware functionality through imported Windows functions (APIs)
Detecting packed and encrypted malware & unpacking it automatically
Hands-on lab exercise analyzing real malware samples
Questions that behavioral analysis helps you to answer
Understanding Behavioral Analysis tools & techniques
Deep dive into network forensics for investigating malware network activity
Monitoring process, file system, and registry activity
Determining the malware indicators of compromise (IoCs)
Hands-on lab exercise analyzing a real malware sample
Examining a malicious Office document packed with Visual Basic for Applications (VBA) macro code
Examining & Dissecting malicious pdf files
Hands-on labs to examine documents packed with malicious macros (real attacks)
Understanding CPU registers and assembly instructions
Dive deeper into the assembly language and memory handling
Reversing assembly code blocks into a higher-level language (C++)
Dealing with local & global variables
Basics of IDA Pro
Demo: Hands-on labs for static code analysis (Hands-on Practice)
Basics of Ollydbg/x64dbg
Demo: Hands-on labs for dynamic code analysis (Hands-on Practice)
Investigating Windows function calls (API calls)
What to look for while performing code analysis
Intro to real malware code analysis
Droppers & Downloaders
Maintaining Persistence
Keylogging
Banking Trojans & Man in The Browser (MiTB)
Point of Sale Malware (POS)
Understanding Indicators of Compromise
Analyze a real malware sample (Hands-on)
Write your own YARA rule (Hands-on)
Unpacking malware using generic unpackers
Manually unpacking malware using a memory breakpoint on execution
Dealing with anti-reverse engineering techniques
Understand & reverse basic encryption algorithms
Deal with complex encryption algorithms, including RC4, AES, and public-key encryption
Uncover encrypted strings, Windows functions (APIs), and domains
Hands-on lab exercise analyzing real malware samples (Hands-on Practice)
Basic analysis of the ransomware
Code analysis of the ransomware functionality
Understanding its file encryption algorithm
Determine the possibility of decrypting the files & retrieving the key.
The main goals of digital forensics and timeline analysis
Disk image acquisition techniques
Analyzing the NTFS Master File Table (MFT) and extracting deleted files & timestamps
Analyzing Windows Change Logs to detect recent file changes
Analyzing Prefetch files to detect loaded processes
Analyzing registry hives & detecting persistent malware samples
Creating the attack timeline & understanding its root cause
Hands-on labs on a real sample.
Understanding Process Internals
Process & Thread Environment Block Structure
Detect & investigate code injection
Remote DLL & shellcode injection
Process Hollowing (Stuxnet Technique)
API Hooking & IAT Hooking
Hands-on lab exercise investigating a malware memory image
Memory Forensics Overview
Memory acquisition techniques
Introduction to Volatility
Determining OS of the memory image
Volatility basic commands
Identifying suspicious processes through process lists & trees
Detecting injected DLLs using Volatility
Identifying hidden DLLs
Identify malicious strings, web injects, and more information from the memory dump
Hands-on lab exercise investigating malware-infected memory
Detect injected code inside processes
Dumping malicious processes, DLLs, and injected code from memory
Hands-on lab exercise investigating a Stuxnet memory dump
What questions to answer in your final report
How to write a professional malware analysis report that is understandable to non-technical teams.
You will get a malware analysis report template to fill in with your analysis results.
Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec and Tenable.
He is the founder of MalTrak and the author of "Mastering Malware Analysis", published by Packt Publishing.
Amr is a speaker and a trainer at some of the top security conferences around the world, including Black Hat, DEF CON, Hack In Paris and the VB Conference. He was also featured in The Christian Science Monitor for his work on Stuxnet.
His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting and red teaming, and most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
Here is the list of the upcoming trainings (virtual & in-person).

| Month | Training | Location | Dates |
|---|---|---|---|
| April 2022 | In-Depth Investigation & Threat Hunting | Virtual | April 25-28, 2022 |
| June 2022 | Hands-on Malware Analysis & Incident Response | Virtual | June 13-16, 2022 |
| Aug 2022 | Advanced Red Teaming: Weaponization & Adversary Simulation | Virtual | Aug 22-25, 2022 |
Are you looking for group training for your team? To discuss your specific requirements, reach out to us.
You can check out our resources, which show you exactly the quality and support you can expect from our Master's Program and our training programs, and see why MalTrak students are in such high demand.
The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant
The top 4 reasons you are vulnerable to these attacks and how to implement threat hunting today to become more resilient against these attacks.
These are 3 expert-crafted copy-paste cheatsheets accompanied by hands-on training to help you impersonate an expert in the field, analyze real cybersecurity attacks, and showcase your skills to land your first job in the field.
All you need is:
➡️ Good IT administration background, especially in Windows (Linux preferred)
➡️ Good cybersecurity & network protocols background
➡️ Only in the red team training: C++ programming background
➡️ Laptop with a minimum of 8 GB RAM and 10-20 GB of free hard disk space
It's a live 4-day training delivered either in person or virtually through Zoom.
For virtual events (through Zoom), you will have access to the recordings for one year after the training.
Yes, you will.
Protecting businesses against targeted attacks through AI-powered security intelligence and expert-led services.
Inniscarra, Main Street, Rathcoole
Dublin, D24 E029, Ireland
support@maltrak.com