Instructor

Amr Thabet

Former Malware Researcher at Symantec and Speaker at DEF CON 21

Amr is a former malware researcher at Symantec and currently a vulnerability researcher at Tenable. He is the author of Mastering Malware Analysis, published by Packt Publishing. He has worked on the analysis of multiple nation-state-sponsored attacks, including malware families attributed to the NSA (Stuxnet & Regin) and to North Korea (Contopee), as well as many other highly advanced attacks.

Amr has spoken at top security conferences around the world, including DEF CON and the Virus Bulletin (VB) Conference. He was also featured in The Christian Science Monitor for his work on Stuxnet.

What You Will Learn

Malware Analysis & Digital Investigations Training is a hands-on course covering targeted attacks, fileless malware, and ransomware attacks: the techniques behind them, the strategies attackers use, and best practices for responding to them.

You'll get hands-on practice with labs on malware analysis, memory forensics, and full attack investigations, using a range of real-world samples. Course objectives are:

  • Understand the lifecycle of a targeted attack and the techniques attackers use to get into the target organization (spear-phishing, drive-by downloads, etc.).
  • Perform basic static & behavioral analysis of malware in an isolated, virtualized environment.
  • Understand the basics of the x86 assembly language.
  • Determine malware functionality using IDA Pro and OllyDbg/x64dbg.
  • Extract network- and host-based IOCs.
  • Analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors, etc.
  • Perform memory forensics on an infected machine and extract malware artifacts from its memory.

Who is this course for?

This training is for security professionals who want to expand their skills, as well as beginners and newcomers to malware incident response who want to learn malware analysis, reverse engineering, and memory forensics. It's a great resource for

  • SOC Analysts
  • DFIR Professionals
  • Malware Analysts
  • Security Researchers


Syllabus

  • Intro

    • Watch First

    • Mastering Malware Analysis Book

    • Resources

  • Module 00 - Install Virtual Machine

    • Download The Virtual Machine

    • Installing VM in VirtualBox

    • Installing VM in VMWare

    • Copying Malware Samples To VM

    • Executing Commands inside the VM

  • Module 01 - APT Attacks and Malware Analysis Overview

    • 01 - Intro

    • 02 - History

    • 03 - APT Attacks

    • 04 - Malware Types

    • 05 - Analyzing Malicious Documents

    • 06 - Scenario 01 - FIN7 Spear-phishing Attack

    • Workbook & Labs

    • Quiz #1

  • Module 02 - Incident Response Process

    • 01 - Incident Discovery And Log Analysis P1

    • 02 - Incident Response And Log Analysis P2

    • 03 - Splunk

    • 04 - Packet Analysis

    • 05 - Packet Analysis Demo

    • Workbook & Labs

    • Quiz #2

  • Module 03 - Malware Analysis Process

    • 01 - Malware Analysis Process

    • 02 - How To Approach a Sample

    • 03 - Basic Static Analysis

    • 04 - Behavioral Analysis

    • 05 - Pony Malware - Tool Intro

    • 06 - Pony Malware - Basic Static Analysis

    • 07 - Pony Malware - Behavioral Analysis

    • Workbook & Labs

    • Quiz #3

  • Module 04 - x86 Assembly & Code Analysis

    • C++ Intro 01 - Get Started with your first program

    • C++ Intro 02 - Memory And Variables

    • C++ Intro 03 - Conditional Commands

    • C++ Intro 04 - Loops

    • C++ Intro 05 - Functions

    • C++ Intro 06 - Communicate with the world

    • 01 - x86 Assembly And Memory

    • 02 - x86 Assembly Instructions

    • 03 - x86 Assembly To C

    • 04 - x86 Assembly Local Variables

    • 05 - Static Analysis Level 00

    • 06 - Static Analysis Level 01

    • 07 - Static Analysis Level 02

    • 08 - Static Analysis Level 03

    • 09 - Intro to Dynamic Analysis

    • 10 - Dynamic Analysis Level 03

    • 11 - Dynamic Analysis Level 04

    • 12 - Example From a Real Malware

    • Workbook & Labs

  • Module 05 - Windows Internals & Malware Analysis

    • 01 - Application Execution Process

    • 02 - APIs and DLLs

    • 03 - Tibet APT Attack Intro

    • 04 - Tibet Malware Analysis Part 1

    • 05 - Tibet Malware Analysis Part 2

    • 06 - Tibet Malware Analysis Part 3

    • 07 - Tibet Malware Analysis Part 4

    • 08 - Tibet Malware Analysis Part 5

    • 09 - Tibet Malware Analysis Part 6

    • Workbook & Labs

  • Module 06 - Encryption and Encoding

    • 01 - Encoding vs Encryption

    • 02 - Tibet Malware DecryptFunc Demo

    • 03 - RC4 Algorithm Analysis P.1

    • 04 - RC4 Algorithm Analysis P.2

    • 05 - RSA Encryption Algorithms

    • 06 - Manual Unpacking

    • 07 - Manual Unpacking Demo P.1

    • 08 - Manual Unpacking Demo P.2

    • Workbook & Labs

    • Quiz #6

  • Module 07 - Process Injection & Anti-Reversing Techniques

    • 01 - Process Injection Intro

    • 02 - Process Injection How it Works

    • 03 - Process Injection Demo 01

    • 04 - Process Injection Demo 02

    • 05 - Process Injection Demo 03

    • 06 - Anti-Reversing Techniques 01

    • 07 - Anti-Reversing Techniques 02

    • 08 - Anti-Reversing Techniques 03

    • Workbook & Labs

  • Module 08 - Banking Trojans And API Hooking

    • 01 - Webinjects

    • 02 - API Hooking

    • 03 - API Hooking Demo 01

    • 04 - API Hooking Demo 02

    • 05 - POS Malware In Brief

    • 06 - Dexter POS Malware Demo 01

    • 07 - Dexter POS Malware Demo 02

    • 09 - Digital And Memory Forensics

    • 10 - Memory Forensics Demo

    • Workbook & Labs

  • Module 09 - Exploits And Shellcode

    • 01 - Vulnerabilities and Exploits

    • 02 - Shellcode

    • 03 - Shellcode Analysis Demo 01

    • 04 - Shellcode Analysis Demo 02

    • 05 - Analyzing Malicious Documents

    • 06 - PDFStreamDumper Demo

    • 07 - Analyzing Malicious Documents 02

    • 08 - Analyzing Malicious Documents 03

    • Workbook & Labs

  • Module 10 - Kernel-Mode Rootkits

    • 01 - Windows Kernel Internals

    • 02 - Kernel-Mode Hooking

    • 03 - MRxNet - Stuxnet Rootkit

    • 04 - MRxNet - Stuxnet Rootkit 02

    • 05 - Process Injection From Kernel-Mode

    • 06 - winSRDF and Process Injection Demo

    • Workbook & Labs

  • Module 11 - Threat Intelligence & Machine Learning

    • 01 - Threat Intel Intro

    • 02 - Yara Signatures Demo 01

    • 03 - Yara Signatures Demo 02

    • 04 - Connecting The Dots

    • 05 - Machine Learning Intro

    • 06 - Machine Learning Step by Step

    • Workbook & Labs

  • Bonus: Malware Analysis Report Template

    • Download Report Template

  • Malware Analysis Real Scenarios

    • EMOTET - 01 - 1st Stage With Macro

    • EMOTET - 02 - 2nd Stage - Dropper

    • EMOTET - 03 - 3rd Stage

    • EMOTET - 04 - Main Malware

    • EMOTET - Samples & IDBs

    • EMOTET - Analysis Report

    • WANNACRY - Main Highlights

    • WANNACRY - Analysis Report

    • NOTPETYA - Main Highlights

    • NOTPETYA - Samples & IDBs

    • NOTPETYA - Analysis Report

FAQ

  • What are the prerequisites for this training?

    Basic Windows administration (Linux experience is also preferred) and a good understanding of Windows protocols.

  • Is this training a hands-on training?

    Yes, it will be full of hands-on practice.

  • Who is this training best suited for?

    Those who want to learn or advance their malware analysis skills, whether they are incident handlers, SOC analysts, threat researchers, or malware analysts.

  • Do I have to be an expert coder to understand the content?

    The course requires a basic understanding of cybersecurity terminology. Even if you haven't written a single line of code before, don't worry: this program is still for you.

  • Will I have direct access to the instructor during the course?

    Yes, the instructor will be easily reachable during the course. In addition, as a student, you will get a free 30-minute session with the instructor if you need guidance or mentorship.

  • Does the course talk about real world attacks?

    Definitely. The course discusses recent malware families such as Emotet, WannaCry, and NotPetya.

Money Back Guarantee

We want you to be 100% satisfied with your purchase, and stand by the quality of our resources. Should you for any reason be unhappy with your purchase we offer a 7-day money back guarantee. No questions asked!