Course description
With the increased use of the internet and the prevalence of computing systems in critical infrastructure, technology is undoubtedly a vital part of modern daily life. Unfortunately, the increasingly networked nature of the modern world has also enabled the spread of malicious software, or “malware”, ranging from annoying adware to advanced nation-state-sponsored cyber-weaponry. As a result, the ability to detect, analyze, understand, control, and eradicate malware is an increasingly important issue of economic and national security. This course introduces students to modern malware analysis techniques through readings and hands-on interactive analysis of real-world samples. After taking this course, students will be equipped with the skills to analyze advanced contemporary malware using both static and dynamic analysis.
Course outcomes
Upon the completion of this course, students will be able to:
• Possess the skills necessary to carry out independent analysis of modern malware samples using both static and dynamic analysis techniques
• Have an intimate understanding of executable formats, Windows internals and API, and analysis techniques
• Extract investigative leads from host and network-based indicators associated with a malicious program
• Apply techniques and concepts to unpack, extract, decrypt, or bypass new anti-analysis techniques in future malware samples
• Achieve proficiency with industry standard tools including IDA Pro
Course contents
1 h 19 min | Introduction to Malware Analysis
- What is malware?
- Setting up the lab environment
- Setting up and configuring a Linux VM
- Setting up and configuring a Windows VM
- Malware sources
0 h 36 min | Static Analysis
- Determining the file type
- Fingerprinting the malware
- Multiple anti-virus scanning
- Extracting strings
- Determining file obfuscation
- Comparing and classifying the malware
- Classifying malware using YARA
0 h 32 min | Dynamic Analysis
- System and network monitoring
- Dynamic analysis/monitoring tools
- Dynamic analysis steps
- Dynamic-Link Library (DLL) analysis
0 h 59 min | IDA Pro
- Code analysis tools
- Static code analysis/disassembly using IDA
- Loading a binary in IDA
- Exploring IDA displays
- IDA database
- Disassembling the Windows API
- Patching a binary using IDA
- IDA scripting and plugins
0 h 40 min | Malware Obfuscation Techniques and Memory Forensics
- Simple encoding
- Malware encryption
- Detecting crypto constants using FindCrypt2
- Detecting code injection
- Getting VAD information
- Detecting API hooks
This course includes:
4 h 06 min recorded video
Downloadable resources (books and articles)
One year access
Access on mobile and TV
Advanced Level
Certificate of completion