Hands-On Malware Analysis & Reverse Engineering

Live Instructor-Led Training (4 Days)

The hands-on training that teaches students how to analyze and contain APT attacks, ransomware and spear-phishing attacks.

HANDS-ON TRAINING

This is a practical malware analysis training full of hands-on labs and exercises that teach you to analyze and contain malware attacks and targeted ransomware attacks.

With the rise of APT attacks, ransomware, and spear-phishing attacks, there is a huge need for the malware analysis skills required to analyze, investigate and contain them.

WHO IS THIS TRAINING FOR?

This training is for security professionals who want to expand their skills in red teaming, understand what real-world attacks look like, and better protect their organizations against APT attacks, targeted ransomware attacks and fileless attacks.

Top Takeaways from this training

  • Learn the strategies, tactics and techniques to respond to malware and ransomware attacks

  • Gain the ability to perform in-depth malware analysis to extract IoCs, understand the malware's capabilities and disrupt its communication with the attacker

  • Gain the ability to perform digital and memory forensics investigations, set a containment plan, and answer the most critical questions from higher management in a concise, professional manner.

WHAT'S IN THE TRAINING?

DAY #1

APT Attacks & Malware Investigation

  • Understanding the advanced persistent threats.

  • The attacker's tactics, techniques & procedures (MITRE ATT&CK)

  • The Incident Response Process for malware attacks

  • The APT Attack Vectors

  • Types of Malware

  • Malware analysis process

  • Walkthrough of setting up an isolated lab environment

Basic Static Analysis

  • Questions that basic static analysis helps you to answer

  • Investigating the malware's decrypted strings

  • Investigating the malware's PE headers

  • Understanding malware functionality through its imported Windows API calls

  • Detecting packed and encrypted malware & unpacking it automatically

  • Hands-on lab: analyzing real malware samples

Behavioral Analysis & Sandboxing

  • Questions that behavioral analysis helps you to answer

  • Understanding behavioral analysis tools & techniques

  • Deep dive into network forensics for investigating malware network activity

  • Monitoring process, file system, and registry activity

  • Determining the malware's indicators of compromise (IoCs)

  • Hands-on lab: analyzing a real malware sample

Spear-phishing Attacks with Malicious Documents

  • Examining a malicious Office document carrying Visual Basic for Applications (VBA) macro code

  • Examining & dissecting malicious PDF files

  • Hands-on labs examining documents packed with malicious macros (taken from real attacks)

DAY #2

Intro To x86/x64 Assembly

  • Understanding CPU registers and assembly instructions

  • Dive deeper into the assembly language and memory handling

  • Reversing assembly code blocks into a higher-level language (C++)

  • Dealing with local & global variables

Static & Dynamic Code Analysis In-Depth

  • Basics of IDA Pro

  • Hands-on labs for static code analysis

  • Basics of OllyDbg/x64dbg

  • Hands-on labs for dynamic code analysis

  • Investigating Windows API calls

  • What to look for while performing code analysis

Brief Intro to Code Analysis & Malware Functionalities

  • Intro to real malware code analysis

  • Droppers & Downloaders

  • Maintaining Persistence

  • Keylogging

  • Banking Trojans & Man in The Browser (MiTB)

  • Point of Sale Malware (POS)

  • Understanding indicators of compromise (IoCs)

  • Analyze a real malware sample (Hands-on)

  • Write your own YARA rule (Hands-on)

Unpacking Packed Samples

  • Unpacking malware using generic unpackers

  • Manually unpacking malware using a memory breakpoint on execution

  • Dealing with anti-reverse engineering techniques

DAY #3

Dealing with Encryption

  • Understanding & reversing basic encryption algorithms

  • Dealing with complex encryption algorithms, including RC4, AES, and public-key encryption

  • Uncovering encrypted strings, Windows API names, and domains

  • Hands-on lab: analyzing real malware samples
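
As an added example for the RC4 and encrypted-strings items above (code written for this page, not from the course or its author): a Python reimplementation of RC4 used to bulk-decrypt a string table, which is faster than breaking on the decryption routine in a debugger once per string. The [u16 length][ciphertext] table layout, the key and the demo strings are assumptions for the demo; a real sample's layout and key come out of the code analysis.

```python
"""Added example (not course material): recovering RC4-encrypted strings.

Many families keep a table of encrypted strings (API names, C2 domains,
registry paths) and decrypt each entry on demand with RC4. Reimplementing
the cipher lets you dump the whole table at once.
The table layout (u16 little-endian length + ciphertext per entry), the
key and the strings below are assumptions constructed for this demo.
"""
import struct


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_string_table(blob: bytes):
    """Yield ciphertext entries from a [u16 len][bytes]... blob (assumed layout)."""
    pos = 0
    while pos + 2 <= len(blob):
        (length,) = struct.unpack_from("<H", blob, pos)
        pos += 2
        if length == 0 or pos + length > len(blob):
            raise ValueError(f"corrupt entry at offset {pos - 2}")
        yield blob[pos:pos + length]
        pos += length


def decrypt_string_table(key: bytes, blob: bytes) -> list:
    """Decrypt every entry; undecodable results are kept as hex so nothing is dropped."""
    out = []
    for ct in parse_string_table(blob):
        pt = rc4(key, ct)
        try:
            out.append(pt.decode("ascii"))
        except UnicodeDecodeError:
            out.append(pt.hex())
    return out


def build_sample_table(key: bytes, strings: list) -> bytes:
    """Constructed test data: encrypt each string into the assumed table layout."""
    blob = bytearray()
    for s in strings:
        ct = rc4(key, s.encode())
        blob += struct.pack("<H", len(ct)) + ct
    return bytes(blob)


# Constructed demo values; not from any real sample.
DEMO_KEY = b"demo-key-1337"
DEMO_STRINGS = [
    "VirtualAlloc",
    "WriteProcessMemory",
    "example.invalid",
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]

if __name__ == "__main__":
    table = build_sample_table(DEMO_KEY, DEMO_STRINGS)
    for entry in decrypt_string_table(DEMO_KEY, table):
        print(entry)
```

Note the weakness this pattern carries: when every entry is decrypted with the same key, every entry is XORed with the same keystream, so one known plaintext (an API name you expect to be in the table) yields the keystream prefix and decrypts the same-length prefix of every other entry even before the key itself is located.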

Ransomware by Example (Hands-on Real-world Scenario)

  • Basic analysis of the ransomware

  • Code analysis of the ransomware functionality

  • Understanding its file-encryption algorithm

  • Determining whether the files can be decrypted and the key retrieved

DAY #4

Windows Forensics & Timeline Analysis

  • The main goals of digital forensics and timeline analysis

  • Disk image acquisition techniques

  • Analyzing the NTFS Master File Table ($MFT) and extracting deleted files & timestamps

  • Analyzing the NTFS change journal ($UsnJrnl) to detect recent file changes

  • Analyzing Prefetch files to detect previously executed programs

  • Analyzing registry hives & detecting malware persistence

  • Creating the attack timeline & understanding its root cause

  • Hands-on labs on a real sample

Advanced Techniques: Fileless Malware & API Hooking

  • Understanding Process Internals

  • Process and Thread Environment Block (PEB/TEB) structures

  • Detecting & investigating code injection

  • Remote DLL & shellcode injection

  • Process hollowing (as used by Stuxnet)

  • API hooking & IAT hooking

  • Hands-on lab: investigating a malware memory image

Memory Forensics & Volatility Overview

  • Memory forensics overview

  • Memory acquisition techniques

  • Introduction to Volatility

  • Determining the OS of the memory image

  • Volatility basic commands

Investigating Process Memory Using Volatility

  • Identifying suspicious processes through process lists & trees

  • Detecting injected DLLs using Volatility

  • Identifying hidden DLLs

  • Identifying malicious strings, web injects, and more from the memory dump

  • Hands-on lab: investigating malware-infected memory

  • Detecting injected code inside processes

  • Dumping malicious processes, DLLs, and injected code from memory

  • Hands-on lab: investigating a Stuxnet memory dump
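
As an added example for the process-list and process-tree item above (code written for this page, not the course's own material): the lineage checks an analyst applies by eye to pslist/pstree output, written in Python over a constructed list of (PID, PPID, image name) tuples standing in for those plugin columns. The two entries planted at the end of the list are the anomalies; everything else, including parents that have already exited, is what a clean boot looks like.

```python
"""Added example (not course material): lineage anomalies in a process list.

Core Windows processes have fixed parentage (smss -> csrss/wininit/winlogon,
wininit -> services/lsass, services -> svchost), so a 'svchost.exe' whose
parent is not services.exe, or a second lsass.exe, deserves a closer look.
The process list below is constructed for the demo, not from a real image.
"""
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid name")  # stands in for PID / PPID / ImageFileName

# Expected parent image(s) for core Windows processes (lower-case).
EXPECTED_PARENT = {
    "smss.exe": {"system", "smss.exe"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}
# The per-session smss.exe that spawns these exits right away, so in a plain
# process list their parent PID is legitimately absent.
PARENT_EXITS_NORMALLY = {"csrss.exe", "wininit.exe", "winlogon.exe"}
# Exactly one instance is expected on a single-boot image.
SINGLETONS = {"wininit.exe", "services.exe", "lsass.exe"}


def find_anomalies(procs):
    """Return [(pid, name, reason)] for processes that break the lineage rules."""
    by_pid = {p.pid: p for p in procs}
    counts = {}
    findings = []
    for p in procs:
        name = p.name.lower()
        if name in SINGLETONS:
            counts[name] = counts.get(name, 0) + 1
            if counts[name] > 1:
                findings.append((p.pid, p.name, f"more than one {name} instance"))
        if name not in EXPECTED_PARENT:
            continue  # no rule for this image name
        parent = by_pid.get(p.ppid)
        if parent is None:
            if name not in PARENT_EXITS_NORMALLY:
                findings.append((p.pid, p.name, f"parent pid {p.ppid} is not in the list"))
        elif parent.name.lower() not in EXPECTED_PARENT[name]:
            findings.append((p.pid, p.name,
                             f"parent is {parent.name} (pid {parent.pid}), "
                             f"expected one of {sorted(EXPECTED_PARENT[name])}"))
    return findings


# Constructed demo list (not from a real image). PPIDs 360, 496 and 2080 point at
# smss.exe / userinit.exe instances that have already exited, as on a real system.
SAMPLE_PROCS = [
    Proc(4, 0, "System"),
    Proc(368, 4, "smss.exe"),
    Proc(456, 360, "csrss.exe"),
    Proc(504, 360, "wininit.exe"),
    Proc(520, 496, "csrss.exe"),
    Proc(568, 496, "winlogon.exe"),
    Proc(612, 504, "services.exe"),
    Proc(620, 504, "lsass.exe"),
    Proc(760, 612, "svchost.exe"),
    Proc(848, 612, "svchost.exe"),
    Proc(2104, 2080, "explorer.exe"),
    Proc(3312, 2104, "svchost.exe"),  # planted: 'svchost' spawned by explorer.exe
    Proc(3380, 3312, "lsass.exe"),    # planted: second lsass, child of the fake svchost
]

if __name__ == "__main__":
    for pid, name, reason in find_anomalies(SAMPLE_PROCS):
        print(f"[!] pid {pid} {name}: {reason}")
```

Run the same rules over psscan output as well as pslist: psscan carves terminated and unlinked process objects, so the exited smss.exe parents reappear and a process hidden by DKOM unlinking shows up only there.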

Reporting

  • What questions to answer in your final report

  • How to write a professional malware analysis report that is understandable for non-technical teams.

  • You will get a malware analysis report template to fill in with your analysis results.

Amr Thabet

Amr Thabet is a malware researcher and incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec and Tenable.

He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.

Amr is a speaker and trainer at some of the top security conferences around the world, including Black Hat, DEF CON, Hack In Paris and the VB Conference. He was also featured in The Christian Science Monitor for his work on Stuxnet.

His mission is to help security professionals around the world build their expertise in malware analysis, threat hunting and red teaming and, most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.


ALL OUR LIVE TRAINING SCHEDULE

Here is the list of upcoming trainings (virtual & in-person).

Month        Training                                                    Location   Dates
April 2022   In-Depth Investigation & Threat Hunting                     Virtual    April 25-28, 2022
June 2022    Hands-on Malware Analysis & Incident Response               Virtual    June 13-16, 2022
Aug 2022     Advanced Red Teaming: Weaponization & Adversary Simulation  Virtual    Aug 22-25, 2022

LOOKING FOR GROUP TRAINING?

Are you looking for group training for your team? To discuss your specific requirements, reach out to us here.

NOT READY YET?

You can check out our resources, which show you exactly the quality and support you can expect from our Master's Program and our training programs, and see why MalTrak students are in such high demand.

Watch Our On-Demand Webinars

The Most Demanded Cybersecurity Skills in 2024

The Step-by-Step Guide to become a 6-Figure Cybersecurity Consultant

The Only Step-by-Step Guide You Need to Combat APT & Targeted Ransomware Attacks Using Threat hunting

The top 4 reasons you are vulnerable to these attacks and how to implement threat hunting today to become more resilient against these attacks.

Enroll In Our Entry-Level Courses

Shortcut Your Career To Cybersecurity Cheatsheets

These are 3 expert-crafted copy-paste cheatsheets, accompanied by hands-on training, to help you work like an expert in the field, analyze real cybersecurity attacks, and showcase your skills to land your first job in the field.

Get Our Book

WHAT ARE THE TRAINING PREREQUISITES?

All you need is:
➡️ Good IT administration background, especially in Windows (Linux knowledge preferred)

➡️ Good cybersecurity & network protocols background

➡️ (Red team training only) C++ programming background

WHAT HARDWARE/SOFTWARE IS REQUIRED?

Laptop with a minimum of 8 GB RAM and 10-20 GB of free disk space

IS THIS A LIVE TRAINING OR AN ON-DEMAND COURSE?

It's a live 4-day training delivered either in person or virtually through Zoom.

IS THERE A RECORDING? HOW LONG DO I HAVE ACCESS TO THE CONTENT?

In the case of a virtual event (through Zoom), you will have access to the recordings for one year after the training.

DO I GET A CERTIFICATE OF COMPLETION AFTER THE TRAINING?

Yes, you will.

©2024 MalTrak Limited - All Rights Reserved.

Inniscarra, Main Street, Rathcoole, Dublin, D24 EO29