Malware Analysis & Digital Investigations

This course will take you step-by-step, with lots of hands-on practice, enabling you to learn malware analysis in a quick and simple training.

Interested in this course? Email us at team+tf@cyberdefenders.org

Instructor

Amr Thabet

Former Malware Researcher at Symantec and a Speaker in Defcon 21

Amr is a former malware researcher at Symantec and currently a vulnerability researcher at Tenable. He is the author of Mastering Malware Analysis published by Packt Publishing. He had worked on the analysis of multiple nation state-sponsored attacks including the NSA malware families (Stuxnet & Regin), North Korea (Contopee), and many other highly advanced attacks.

Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

What You Will Learn

Malware Analysis & Digital Investigations Training is a hands-on training covering targeted attacks, Fileless malware, ransomware attacks with their techniques, strategies, and the best practices to respond to them.

You'll experience hands-on training with labs on performing malware analysis, memory forensics, and full attack investigations with different real-world samples. Course objectives are:

Understand the lifecycle of a targeted attack and the techniques attackers use to get into the target organization (Spear-phishing, drive-by-download…etc.).
Perform basic static & behavioral analysis of malware in an isolated and virtualized environment.
Understand the basics of the x86 assembly language.
Be able to determine malware functionality using IDA Pro and Ollydbg/x64dbg.
Be able to extract network and host-based IOC's.
Be able to analyze downloaders, droppers, keyloggers, fileless malwares, HTTP backdoors, etc.
Perform memory forensics on an infected machine and extract the malware artifacts from its memory.

Who is this course for?

This training is for security professionals who want to expand their skills or beginners and newcomers to the malware incident response wanting to learn Malware Analysis, Reverse Engineering, and Memory Forensics. It's a great resource for

SOC Analysts
DFIR Professionals
Malware Analysts
Security Researchers

Syllabus

1. Watch First
2. Mastering Malware Analysis Book
3. Resources
1. Download The Virtual Machine
2. Installing VM in VirtualBox
3. Installing VM in VMWare
4. Copying Malware Samples To VM
5. Executing Commands inside the VM
1. 01 - Intro
2. 02 - History
3. 03 - APT Attacks
4. 04 - Malware Types
5. 05 - Analyzing Malicious Documents
6. 06 - Scenario 01 - FIN7 Spear-phishing Attack
7. Workbook & Labs
8. Quiz #1
1. 01 - Incident Discovery And Log Analysis P1
2. 02 - Incident Response And Log Analysis P2
3. 03 - Splunk
4. 04 - Packet Analysis
5. 05 - Packet Analysis Demo
6. Workbook & Labs
7. Quiz #2
1. 01 - Malware Analysis Process
2. 02 - How To Approach a Sample
3. 03 - Basic Static Analysis
4. 04 - Behavioral Analysis
5. 05 - Pony Malware - Tool Intro
6. 06 - Pony Malware - Basic Static Analysis
7. 07 - Pony Malware - Behavioral Analysis
8. Workbook & Labs
9. Quiz #3
1. C++ Intro 01 - Get Started with your first program
2. C++ Intro 02 - Memory And Variables
3. C++ Intro 03 - Conditional Commands
4. C++ Intro 04 - Loops
5. C++ Intro 05 - Functions
6. C++ Intro 06 - Communicate with the world
7. 01 - x86 Assembly And Memory
8. 02 - x86 Assembly Instructions
9. 03 - x86 Assembly To C
10. 04 - x86 Assembly Local Variables
11. 05 - Static Analysis Level 00
12. 06 - Static Analysis Level 01
13. 07 - Static Analysis Level 02
14. 08 - Static Analysis Level 03
15. 09 - Intro to Dynamic Analysis
16. 10 - Dynamic Analysis Level 03
17. 11 - Dynamic Analysis Level 04
18. 12 - Example From a Real Malware
19. 12 - Example From a Real Malware
20. Workbook & Labs
1. 01 - Application Execution Process
2. 02 - APIs and DLLs
3. 03 - Tibet APT Attack Intro
4. 04 - Tibet Malware Analysis Part 1
5. 05 - Tibet Malware Aanalysis Part 2
6. 06 - Tibet Malware Analysis Part 3
7. 07 - Tibet Malware Analysis Part 4
8. 08 - Tibet Malware Analysis Part 5
9. 09 - Tibet Malware Analysis Part 6
10. Workbook & Labs
1. 01 - Encoding vs Encryption
2. 02 - Tibet Malware DecryptFunc Demo
3. 03 - RC4 Algorithm Analysis P.1
4. 04 - RC4 Algorithm Analysis P.2
5. 05 - RSA Encryption Algorithms
6. 06 - Manual Unpacking
7. 07 - Manual Unpacking Demo P.1
8. 08 - Manual Packing Demo P.2
9. Workbook & Labs
10. Quiz #6
1. 01 - Process Injection Intro
2. 02 - Process Injection How it Works
3. 03 - Process Injection Demo 01
4. 04 - Process Injection Demo 02
5. 05 - Process Injection Demo 03
6. 06 - Anti-Reversing Techniques 01
7. 07 - Anti-Reversing Techniques 02
8. 08 - Anti-Reversing Techniques 03
9. Workbook & Labs
1. 01 - Webinjects
2. 02 - API Hooking
3. 03 - API Hooking Demo 01
4. 04 - API Hooking Demo 02
5. 05 - POS Malware In Brief
6. 06 - Dexter POS Malware Demo 01
7. 07 - Dexter POS Malware Demo 02
8. 09 - Digital And Memory Forensics
9. 10 - Memory Forensics Demo
10. Workbook & Labs
1. 01 - Vulnerabilities and Exploits
2. 02 - Shellcode
3. 03 - Shellcode Analysis Demo 01
4. 04 - Shellcode Analysis Demo 02
5. 05 - Analyzing Malicious Documents
6. 06 - PDFStreamDumper Demo
7. 07 - Analyzing Malicious Documents 02
8. 08 - Analyzing Malicious Documents 03
9. Workbook & Labs
1. 01 - Windows Kernel Internals
2. 02 - Kernel-Mode Hooking
3. 03 - MRxNet - Stuxnet Rootkit
4. 04 - MRxNet - Stuxnet Rootkil 02
5. 05 - Process Injection From Kernel-Mode
6. 06 - winSRDF and Process Injection Demo
7. Workbook & Labs
1. 01 - Threat Intel Intro
2. 02 - Yara Signatures Demo 01
3. 03 - Yara Signatures Demo 02
4. 04 - Connecting The Dots
5. 05 - Machine Learning Intro
6. 06 - Machine Learning Step by Step
7. Workbook & Labs
1. Download Report Template
1. EMOTET - 01 - 1st Stage With Macro
2. EMOTET - 02 - 2nd Stage - Dropper
3. EMOTET - 03 - 3rd Stage
4. EMOTET - 04 - Main Malware
5. EMOTET - Samples & IDBs
6. EMOTET - Analysis Report
7. WANNACRY - Main Highlights
8. WANNACRY - Analysis Report
9. NOTPETYA - Main Highlights
10. NOTPETYA - Samples & IDBs
11. NOTPETYA - Analysis Report

About this course

$997.00
126 lessons
41.5 hours of video content

FAQ

What are the prerequisites for this training?

Basic windows administrations (Linux as well is preferred) and a good understanding of windows protocols.
Is this training a hands-on training?

Yes, it will be full of hands-on practice.
Who is this training best suited for?

Those who seek to learn and advance their malware analysis skills. Be it incident handler, soc analysts, threat researchers, or malware analysts.
Do I have to be an expert coder to understand the content?

The course requires a basic understanding of cybersecurity terminologies. Even if you haven’t written a single line of code before, don’t worry, this program is still for you.
Will I have direct access to the instructor during the course?

Sure, the instructor will be easily reachable during the course. In addition, as a student, you will get a free 30 minutes session with the instructor if you need some sort of guidance or mentorship.
Does the course talk about real world attacks?

Definitely. The course discusses some of the recent malwares such as Emotet, Wannacry, and NotPetya.

7 days 100% Money Back Guarantee

We want you to be 100% satisfied with your purchase, and stand by the quality of our resources. Should you for any reason be unhappy with your purchase we offer a 7-day money-back guarantee. No questions asked!

Enroll now