Hands-on Malware Analysis & Reverse Engineering Training
June 13 - 16, 2022 (4 days)
The hands-on training that teaches students how to analyze and contain APT attacks, ransomware and spear-phishing attacks.
Malware Analysis & Reverse Engineering Training is a hands-on training that covers targeted attacks, Fileless malware, and ransomware attacks with their techniques, strategies and the best practices to respond to them. 

You'll experience hands-on training with labs on performing malware analysis, memory forensics, and full attack investigations with different real-world samples.

This training is for Security Professionals who want to expand their skills or beginners and newcomers to the malware incident response wanting to learn Malware Analysis, Reverse Engineering and Memory Forensics.

  • Cyber Security Investigators
  • Cyber Security Heads & Managers
  • Security Researchers
  • Information Technology Heads and Managers
  • Forensic Practitioners
  • Incident Responders
  • Malware Analysts
  • SOC Analysts

We help cybersecurity professionals protect their organizations from the biggest threats they are facing and become the go-to experts in their team.

The number of malware attacks is undoubtedly on the rise, targeting government, military, public and private sectors. These cyber-attacks target individuals or organizations in an effort to extract valuable information, gain money through a ransom or damage their reputation.

According to the FireEye Cyber Trendscape Report 2020, malware has become the top threat leading to data breaches nowadays, which could cost up to €20 million in fines, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Small and medium-sized businesses are not far from the threat. 22% of small and medium-sized businesses that experienced a ransomware attack ceased business operations immediately, and 55% of those that lost data became unprofitable within 30 days. (Sources: HelpNetSecurity & Better Business Bureaus 2017)

With these shocking numbers, detecting and responding to malware attacks has become an essential skill for any response team.
The strategies, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.

Day 1

APT Attacks & Malware Analysis

  • What is an APT Attack?
  • What are the Attack Stages? And what's MITRE ATT&CK?
  • The incident response process for malware attacks
  • The APT Attack Vectors
  • Types of Malware
  • Malware Analysis Process
  • Walkthrough of setting up the isolated lab environment

Basic Static Analysis

  • Questions that basic static analysis helps you to answer
  • Investigating the malware's decrypted strings
  • Investigating the malware headers (PE)
  • Understanding malware functionality through imported Windows commands (APIs)
  • Detecting packed and encrypted malware & unpacking them automatically
  • Hands-on lab exercise: analyzing real malware samples

Behavioral Analysis & Sandboxing

  • Questions that behavioral analysis helps you to answer
  • Understanding behavioral analysis tools & techniques
  • Deep dive into network forensics for investigating malware network activity
  • Monitoring process, file system and registry activity
  • Determining the malware indicators of compromise (IoCs)
  • Hands-on lab exercise: analyzing a real malware sample

Spear-phishing Attacks with Malicious Documents

  • Examining a malicious Office document packed with VBScript macros
  • Examining & dissecting malicious .pdf files
  • Hands-on labs to examine documents packed with malicious macros (real attacks)

Day 2

Intro To x86/x64 Assembly

  • Understanding CPU registers and assembly instructions
  • Diving deeper into the assembly language and memory handling
  • Reversing assembly code blocks into a higher-level language (C++)
  • Dealing with local & global variables

Static & Dynamic Code Analysis In-Depth

  • Basics of IDA Pro
  • Demo: Hands-on labs for static code analysis (Hands-on Practice)
  • Basics of OllyDbg/x64dbg
  • Demo: Hands-on labs for dynamic code analysis (Hands-on Practice)
  • Investigating the Windows commands calls (API calls)
  • What to look for while performing code analysis
  • Demo: analyzing a real malware sample

Brief Intro to Code Analysis & Malware Functionalities

  • Intro to code analysis
  • Droppers & Downloaders
  • Maintaining Persistence
  • Keylogging
  • Banking Trojans & Man in The Browser (MiTB)
  • Point of Sale Malware (POS)
  • Understanding Indicators of Compromise
  • Write your own YARA rule

Unpacking Packed Samples

  • Unpacking malware using generic unpackers
  • Manually unpacking malware using a memory breakpoint on execution
  • Dealing with anti-reverse engineering techniques

Day 3

Dealing with Encryption

  • Understanding & reversing basic encryption algorithms
  • Dealing with complex encryption algorithms including RC4, AES, and public key encryption
  • Uncovering encrypted strings, Windows commands (APIs), and domains
  • Hands-on lab exercise: analyzing real malware samples (Hands-on Practice)

Ransomware by Example (Hands-on Real-world Scenario)

  • Basic analysis of the ransomware
  • Code analysis of the ransomware functionality
  • Understanding its file encryption algorithm
  • Determining the possibility of decrypting the files & retrieving the key

Day 4

Windows Forensics & Timeline Analysis

  • Why perform digital forensics and timeline analysis?
  • Disk image acquisition techniques
  • Analyzing the NTFS Master File Table and extracting deleted files & timestamps
  • Analyzing Windows Change Logs to detect recent file changes
  • Analyzing Prefetch files to detect loaded processes
  • Analyzing registry hives & detecting persistent malware samples
  • Creating the attack timeline & understanding its root cause
  • Hands-on labs on a real sample

Advanced Techniques: Fileless Malware & API Hooking

  • Understanding Process Internals
  • Process & Thread Environment Block Structure
  • Detecting & investigating code injection
  • Remote DLL & shellcode injection
  • Process Hollowing (Stuxnet Technique)
  • API Hooking & IAT Hooking
  • Hands-on lab exercise: investigating a malware memory image

Investigating Process Memory Using Volatility

  • Memory Forensics Overview & memory acquisition techniques
  • Introduction to Volatility
  • Volatility basic commands
  • Identifying suspicious processes through process lists & trees
  • Detecting injected DLLs using Volatility
  • Identifying hidden DLLs
  • Identifying malicious strings, webinjects and more information from the memory dump
  • Hands-on lab exercise: investigating malware-infected memory
  • Detecting injected code inside processes
  • Dumping malicious processes, DLLs and injected code from memory
  • Hands-on lab exercise: investigating a Stuxnet memory dump

Intro to Threat Hunting

  • What is threat hunting & why do threat hunting
  • Types of threat hunting
  • How to perform threat hunting
  • Practical example of endpoint threat hunting using Sysmon
  • Writing your own Sigma rules

Amr Thabet

Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked at Fortune 500 companies including Symantec, Tenable, and others.

He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing.

Amr has spoken at top security conferences all around the world, including DEFCON, Hack In Paris and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

His mission is to help security professionals all around the world build their expertise in malware analysis, threat hunting and red teaming and, most importantly, protect their organization's infrastructure from targeted attacks, ransomware attacks, and APT attacks.
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it."
- Fung Dao Ying, System Analyst in Bintulu Port
“Before the training, I had the experience with malware analysis, but it was more on the behavioral side of the malware. So after this training, I was able to go more in depth with malware analysis on binary code, and reverse engineering. The training was great. It was very comprehensive. And I liked the hands-on labs & demos.”
- Kate, Cyber Security Consultant

  • Should be familiar with using Windows/Linux
  • Should have an understanding of basic programming concepts. Programming experience is not mandatory.
  • Laptop with minimum 8GB RAM and 60GB free hard disk space
  • Laptop with USB ports; lab samples and a custom Windows VM will be shared via USB sticks
  • VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software. However, the training will be delivered based on VMware Workstation.
  • Delegates must have full administrator access to the Windows operating system installed inside VMware Workstation/Fusion.
Note: VMware player is not suitable for this training.
What materials are provided?
  • Training Prerequisite & Lab Setup Guide: a step-by-step guide to prepare your isolated virtualized environment for executing and analyzing malware
  • Malware Analysis Lab VM (Windows 7 VM) with all required tools pre-installed. It will be provided in .ova format
  • The lab/exercise samples and memory images
  • A printed copy of the Mastering Malware Analysis book
  • A printed copy of the Malware Analysis & Reverse Engineering Workbook, which includes all the exercises taught in the training with step-by-step solutions
How long is the training and what's the schedule like?
The training is a total of 3 days. Each day will have a schedule that looks like the following:

8:15am : Registration & Breakfast
9:00am : Workshop Starts
10:30am : Morning Tea-Break (15 mins)
1:00pm : Lunch
3:30pm : Afternoon Tea-Break (15 mins)
6:00pm : Workshop Ends (Depends on trainer)

18 Garnish Square, D15, Dublin, Ireland
©2020  MalTrak - All Rights Reserved.