Hands-on Malware Analysis & Incident Response Training
The hands-on training that teaches students how to analyze and contain APT attacks, ransomware and spear-phishing attacks.
HANDS-ON TRAINING
Malware Analysis & Incident Response Training is a hands-on training that covers targeted attacks, fileless malware, and ransomware attacks, their techniques and strategies, and the best practices for responding to them.

You'll experience hands-on training with labs on performing malware analysis, memory forensics, and full attack investigations with different real-world samples.
WHO IS THIS TRAINING FOR?

This training is for security professionals who want to expand their skills, and for beginners and newcomers to malware incident response who want to learn malware analysis, reverse engineering and memory forensics.

  • Cyber Security Investigators
  • Cyber Security Heads & Managers
  • Security Researchers
  • Information Technology Heads and Managers
  • Forensic Practitioners
  • Incident Responders
  • Malware Analysts
  • SOC Analysts

We help cybersecurity professionals protect their organizations from the biggest threats they are facing and become the go-to experts in their team.

THE THREAT YOU CAN'T IGNORE
The number of malware attacks is undoubtedly on the rise, targeting government, military, public and private sectors. These cyber-attacks target individuals or organizations in an effort to extract valuable information, gain money through a ransom, or damage their reputation.

According to the FireEye Cyber Trendscape Report 2020, malware has become the top threat leading to data breaches nowadays, and a breach could cost up to €20 million in fines, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Small and medium-sized businesses are not far from the threat. 22% of small and medium-sized businesses that experienced a ransomware attack ceased business operations immediately, and 55% of those that lost data became unprofitable within 30 days. (Sources: HelpNetSecurity & Better Business Bureaus 2017)

With these shocking numbers, detecting and responding to malware attacks becomes an essential skill for any response team.
The strategies, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
WHAT'S IN THE TRAINING?
Day 1

APT Attacks & Malware Analysis

  • What is an APT attack?
  • What are the attack stages? And what is MITRE ATT&CK?
  • The incident response process for malware attacks
  • The APT attack vectors
  • Types of malware
  • Malware analysis process
  • Walkthrough of setting up the isolated lab environment

Basic Static Analysis

  • Questions that basic static analysis helps you to answer
  • Investigating the malware's decrypted strings
  • Investigating the malware headers (PE)
  • Understanding malware functionality through imported Windows commands (APIs)
  • Detecting packed and encrypted malware & unpacking it automatically
  • Hands-on lab exercise analyzing real malware samples

Behavioral Analysis & Sandboxing

  • Questions that behavioral analysis helps you to answer
  • Understanding behavioral analysis tools & techniques
  • Deep dive into network forensics for investigating malware network activity
  • Monitoring process, file system and registry activity
  • Determining the malware's indicators of compromise (IoCs)
  • Hands-on lab exercise analyzing a real malware sample

Code Analysis & Malware Functionalities

  • Intro to code analysis
  • Droppers & downloaders
  • Maintaining persistence
  • Keylogging
  • Banking Trojans & Man in the Browser (MiTB)
  • Point of Sale (POS) malware
  • Understanding indicators of compromise
  • Write your own YARA rule
Day 2

Intro To x86/x64 Assembly

  • Understanding CPU registers and assembly instructions
  • Diving deeper into the assembly language and memory handling
  • Reversing assembly code blocks into a higher-level language (C++)
  • Dealing with local & global variables

Static & Dynamic Code Analysis In-Depth

  • Basics of IDA Pro
  • Demo: hands-on labs for static code analysis (hands-on practice)
  • Basics of OllyDbg/x64dbg
  • Demo: hands-on labs for dynamic code analysis (hands-on practice)
  • Investigating the Windows command calls (API calls)
  • What to look for while performing code analysis
  • Demo analyzing a real malware sample

Encryption, Packing & Obfuscation

  • Detecting & dealing with encryption algorithms
  • Uncovering encrypted strings, Windows commands (APIs) and domains
  • Hands-on lab exercise analyzing a real malware sample (hands-on practice)
Day 3

Spear-phishing Attacks with Malicious Documents

  • Examining a malicious Office document packed with VBScript macros
  • Examining & dissecting malicious .pdf files
  • Hands-on labs examining documents packed with malicious macros (real attacks)

Advanced Techniques: Fileless Malware & API Hooking

  • Understanding process internals
  • Process & Thread Environment Block structures
  • Detecting & investigating code injection
  • Remote DLL & shellcode injection
  • Process hollowing (Stuxnet technique)
  • API hooking & IAT hooking
  • Hands-on lab exercise investigating a malware memory image

Memory Forensics & Volatility Overview

  • Memory forensics overview
  • Memory acquisition techniques
  • Introduction to Volatility
  • Determining the OS of the memory image
  • Volatility basic commands

Investigating Process Memory Using Volatility

  • Identifying suspicious processes through process lists & trees
  • Detecting injected DLLs using Volatility
  • Identifying hidden DLLs
  • Identifying malicious strings, webinjects and more information from the memory dump
  • Hands-on lab exercise investigating malware-infected memory
  • Detecting injected code inside processes
  • Dumping malicious processes, DLLs and injected code from memory
  • Hands-on lab exercise investigating a Stuxnet memory dump
Your Trainer
Amr Thabet is a former malware researcher at Symantec and currently a vulnerability researcher at Tenable. He is the author of "Mastering Malware Analysis", published by Packt Publishing.

He has worked on the analysis of multiple nation-state sponsored attacks, including the NSA malware families (Stuxnet & Regin), North Korea (Contopee) and many other highly advanced attacks.

Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in the Christian Science Monitor for his work on Stuxnet.

His mission is to help students all around the world build their expertise in malware analysis and, most importantly, protect their infrastructure from targeted attacks, ransomware attacks and other threats that could target their organizations.
"Before the training, I was always feeling that malware is a very scary thing and is a very out of hand event. This training helped me in analyzing and recognizing the malware features and if it's getting to the perimeter. And now, I feel it’s not scary anymore. I can actually analyze it, understand it and control it."
- Fung Dao Ying, System Analyst at Bintulu Port
“Before the training, I had the experience with malware analysis, but it was more on the behavioral side of the malware. So after this training, I was able to go more in depth with malware analysis on binary code, and reverse engineering. The training was great. It was very comprehensive. And I liked the hands-on labs & demos.”
- Kate, Cyber Security Consultant


FAQ
WHAT DO STUDENTS NEED TO KNOW BEFORE GOING THROUGH THIS TRAINING?
  • Should be familiar with using Windows/Linux
  • Should have an understanding of basic programming concepts. Programming experience is not mandatory.
WHAT HARDWARE/SOFTWARE IS REQUIRED?
  • Laptop with a minimum of 8GB RAM and 60GB free hard disk space
  • Laptop with USB ports; the lab samples and the custom Windows VM will be shared via USB sticks
  • VMware Workstation or VMware Fusion (even trial versions can be used). You can use VirtualBox or other virtualization software; however, the training will be delivered based on VMware Workstation.
  • Delegates must have full administrator access to the Windows operating system installed inside VMware Workstation/Fusion.
Note: VMware Player is not suitable for this training.
WHAT MATERIALS ARE PROVIDED?
  • Training Prerequisite & Lab Setup Guide: a step-by-step guide to preparing your isolated virtualized environment for executing and analyzing malware
  • Malware Analysis Lab VM (Windows 7 VM) with all required tools pre-installed, provided in .ova format
  • The lab/exercise samples and memory images
  • A printed copy of the Mastering Malware Analysis book
  • A printed copy of the Malware Analysis & Reverse Engineering Workbook, which includes all the exercises taught in the training with step-by-step solutions
HOW LONG IS THE TRAINING AND WHAT'S THE SCHEDULE LIKE?
The training is a total of 3 days. Each day will have a schedule that looks like the following:

8:15am : Registration & Breakfast
9:00am : Workshop Starts
10:30am : Morning Tea-Break (15 mins)
1:00pm : Lunch
3:30pm : Afternoon Tea-Break (15 mins)
6:00pm : Workshop Ends (depends on trainer)


18 Garnish Square, D15, Dublin, Ireland
©2020 MalTrak - All Rights Reserved.