This course provides a rapid introduction to the tools and
methodologies used to perform malware analysis on executables found in
Windows systems using a practical, hands-on approach. The course
explains how to find the functionality of a program by analyzing
disassembly and seeing how it modifies a system and its resources as
it runs in a debugger.
The course discusses how to extract host- and network-based
indicators from a malicious program. It also covers dynamic analysis
and the Windows APIs most often used by malware authors. Each section
includes in-class demonstrations and hands-on labs with real malware
so learners can apply their new skills.
After completing this course, learners should be able to:
- Quickly perform a malware autopsy
- Understand basic yet effective methods for analyzing running malware in a safe environment, such as virtual machines
- Understand the basics of the x86 assembly language
- Use IDA Pro, the main tool for
- Understand a wide range of Windows-specific concepts that are relevant to analyzing Windows
- Monitor and change malware behavior, as it runs, at a
Who Should Attend
Software developers, information security professionals, incident
responders, computer security researchers, corporate investigators and
others who need to understand how malware operates and the processes
involved in performing malware analysis.
Prerequisites
Excellent knowledge of computer and operating system fundamentals.
Computer programming fundamentals and Windows Internals experience are
What to Bring
Laptop computer with VMware Workstation 10+ or VMware Fusion 7+ and
at least 30 GB of free disk space.