Intermediate Malware Analysis

Equipped with the behavioral Malware Analysis knowledge from the Basic Malware Analysis course, you're ready to venture into more advanced malware topics by attending the Intermediate Malware Analysis course. During this five-day course we'll show you how to do Static Malware Analysis through a debugger. Since looking at assembly code in a debugger can be frustrating and almost impossible without a previous understanding of programming fundamentals and compiler operations, we require that students who attend this course have Assembly language knowledge or have completed our Assembly Basics and C Programming course. With that understanding of Assembly language and programming in place, you'll be able to focus on doing static malware analysis with confidence and clarity.

During the week of instruction we introduce you to the OllyDbg Debugger, the popular choice amongst Reverse Engineers and Malware Analysts worldwide. Through controlled evaluation using the debugger we'll teach you how to identify exactly what the malware specimen does and how it does it. After you've mastered the evaluation portion of the class, we'll teach you how to patch the specimen to make it inactive, or crack the program to allow full access to areas that have been hidden or encrypted by the malware developer.

Students who attend this class will graduate with the following intermediate malware analysis skills:

Assembly language debugging fundamentals including:

  • Conversion methodology from source code to assembly code
  • Intel CPU memory management and structures
  • CPU control flows and order of operations

Olly Debugger including:

  • Tool overview
  • Stepping, Stepping Over and Running code
  • Useful Plug-ins and Add-ons
  • Breakpoint fundamentals and usage
  • Patching and assembling executables
  • Decrypting and decoding packed executables

Prerequisites:

Completion of Basic Malware Analysis course (required)
Completion of Assembly for Reverse Engineers (recommended)
Completion of Operating System Internals (recommended)
Completion of Introduction to Python Scripting (recommended)

Course Information:

5 days, M-F, 40 hours. A certificate of completion will be given at the end of the course. Each student will be provided with a preconfigured laptop with all course training software. Students receive a USB Flash Drive of Labs and Tools used in the class on the last day of training.

Call us today for pricing and enrollment!