Essentials of Malware Analysis: Sep 24 - 25

This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course introduces learners to disassembly, preparing them for topics covered in more advanced courses. This content is taught by FLARE Malware Analysts who are experienced in analyzing a diverse set of malware.

Event Information

  • START DATE: September 24th, 2020 
  • END DATE: September 25th, 2020 
  • TIME: 9:00am - 6:00pm EST, daily
  • LOCATION: Alexandria, Virginia

- Expertise On Demand (EoD) credits will be accepted

Learning Objectives

  • Basic Static Analysis - Learn to quickly perform a malware autopsy using a variety of techniques and tools without running the malware. By the end of this course, the learner will be able to explain how to extract meaningful characteristics from an unknown binary without execution.
    • The following topics are illustrated in this module:
      • Hashing
      • Strings
      • Open Source Intelligence
      • PE File Format
      • Packed Executables
  • Basic Dynamic Analysis - Analyze running malware by observing file system changes, function calls, network communications and other indicators. By the end of this course, the learner will be able to extract meaningful runtime characteristics from an unknown binary by allowing it to execute in a controlled environment.
    • The following topics are illustrated in this module:
      • Malware sandboxes
      • Virtualization and isolation
      • Host-based monitoring tools
      • Network-based monitoring tools
      • Launching binaries
  • Disassembly - Review the basics and build a foundation of the x86 assembly language, recognize code constructs in the disassembly, and learn how to use IDA Pro, the main tool for disassembly analysis. By the end of this module, the learner will be able to explain x86 assembly language, use and navigate IDA Pro, and stack x86 registers.
    • The following topics are illustrated in this module:
      • Introduction to Disassembly
      • X86 Architecture Review
      • Introduction to IDA Pro
      • Static analysis basics in IDA Pro
      • Enhancing Disassembly in IDA Pro
      • Recognizing common Code Constructs

Who Should Attend

Students should have a general knowledge of computer and operating system fundamentals. Some exposure to computer programming fundamentals and Windows Internals experience is recommended.

Recommended for information technology staff, information security staff, corporate investigators, or others who require an understanding of how malware functions operate, and the processes involved in malware analysis.

Duration

2 days

Have questions?

If you have any additional questions, send us an email.

Thank you.