Malware Analysis


The foundation of effective cyber security


This course is offered à la carte to suit the needs of your team. Select from the modules below or request the specific topics you require; new modules can be created to address your needs.

Foundation

  • Build a virtual machine for safe analysis of malware.
  • The Windows operating system: what you need to know for malware analysis.
  • POSIX operating systems: what you need to know for malware analysis.
  • The difference between interpreters, bytecode, and machine code.
  • Introduction to Intel x86 assembly.

Malware Analysis

  • Analysis of malicious documents and other phishing lures. Focus on the types of file usually delivered via phishing. This module covers how to analyse such files and extract the payloads and information they carry.
  • Installers. This module covers the different installer formats used for Windows applications, how to analyse them, and how to identify malicious behaviours.
  • Malware written in .NET.
  • Scripting-language malware. Look at malware implemented in scripting languages such as Python, PowerShell, AutoIt, etc.
  • Reversing malware at the assembly level. Use both static and dynamic analysis to understand the malware’s functionality.
  • Unpacking malware from custom packers and crypters.
  • Writing YARA rules to detect and hunt for similar malware. Learn how to write advanced rules based on malware functionality, not just on data strings.
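The distinction drawn above (rules keyed on what a sample does rather than on a fixed data string), as an added example that is not part of the course material: the second rule below requires a valid PE header, the three Win32 imports that together implement remote process injection, and a wildcarded x86 opcode pattern for a byte-wise XOR decode loop located in an executable section. The API names are real kernel32 exports; the opcode sequence is a constructed illustration of such a loop (the key byte and jump displacement are wildcards), and the rule names, metadata and the contrasting User-Agent string are assumptions made for this example.

```yara
import "pe"

// Added example, not course material. For contrast: a string-only rule of the
// kind the module moves beyond. It stops matching as soon as the author edits
// one constant (the User-Agent value here is constructed for illustration).
rule Strings_Only_Downloader_Weak
{
    strings:
        $ua = "Mozilla/4.0 (compatible; MSIE 6.0)" ascii wide
    condition:
        $ua
}

// Added example, not course material. Matches on behaviour: an injection API
// set plus a decode-loop code pattern, so rebuilt variants with new strings or
// a new XOR key still hit.
rule Injector_With_Xor_Decode_Loop
{
    meta:
        description = "Win32 PE importing a remote-injection API set and carrying a byte-wise XOR decode loop"
        author      = "example (assumed)"

    strings:
        // Constructed x86 pattern for a loop of the form:
        //   mov  al, [esi+ecx]   ; 8A 04 0E
        //   xor  al, KEY         ; 34 ??   (key byte left as a wildcard)
        //   mov  [esi+ecx], al   ; 88 04 0E
        //   inc  ecx             ; 41
        //   cmp  ecx, edx        ; 3B CA
        //   jb   loop_start      ; 72 ??   (short jump displacement wildcarded)
        $xor_loop = { 8A 04 0E 34 ?? 88 04 0E 41 3B CA 72 ?? }

    condition:
        // "MZ" DOS header and "PE\0\0" signature at e_lfanew
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550 and
        // Remote process injection primitive: all three imports present
        pe.imports("kernel32.dll", "VirtualAllocEx") and
        pe.imports("kernel32.dll", "WriteProcessMemory") and
        pe.imports("kernel32.dll", "CreateRemoteThread") and
        // The decode loop must sit inside an executable section, not in data
        for any i in (0 .. pe.number_of_sections - 1) : (
            (pe.sections[i].characteristics & pe.SECTION_MEM_EXECUTE) != 0 and
            $xor_loop in (pe.sections[i].raw_data_offset ..
                          pe.sections[i].raw_data_offset + pe.sections[i].raw_data_size)
        )
}
```

Both rules compile with `yara -C` style usage, e.g. `yara -s rules.yar sample.exe`; the `-s` flag prints the matched byte offsets so the analyst can confirm the loop hit lands in code rather than in an embedded resource. Pinning the pattern to an executable section is the check that separates a functional rule from a lucky byte coincidence.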

Advanced Topics

  • Linux shellcode analysis.
  • Windows shellcode analysis.
  • Advanced anti-analysis/detection techniques used by malware.
  • Nation-state supply chain analysis.
  • Analysis of custom virtual machine malware.