Malware Analysis Fundamentals

Programme Code D139
Domain
Cybersecurity
Level
Intermediate
Learning Partner(s)
Mandiant Academy
Duration
4 Days
Format
Online
Competencies
SOC Engineering, Cyber Threat Hunting, Cybersecurity Operations
Job Roles
ICT&SS Professional, Security Testing Engineer, Data Security Officer, Cybersecurity Engineer

Overview

Explore malware analysis on Windows systems with practical, hands-on training. This programme provides a beginner-level introduction to the tools and methodologies used to analyse executables found on Windows systems. It introduces learners to decompilation with Ghidra and to Windows technologies that are prevalent in malware, such as WMI, .NET, and PowerShell. The content is taught by FLARE malware analysts who are experienced in analysing a diverse set of malware.

Key Takeaways

At the end of this programme, you will be able to:
  • Quickly perform malware triage using a variety of techniques and tools without running the malware
  • Analyse running malware by observing file system changes, function calls, network communications and other indicators
  • Learn about code compilation and how to interpret decompiled Windows code
  • Analyse basic .NET and PowerShell malware and interpret WMI commands
  • Use Ghidra, the open-source disassembler/decompiler

Who Should Attend

  • Please refer to the job roles section.
  • Targeted at information technology professionals, information security professionals, corporate investigators and other professionals who need to understand how malware functions and the processes involved in malware analysis.

Prerequisites

  • General knowledge of computer and operating system fundamentals.
  • Exposure to computer programming fundamentals and Windows Internals experience (recommended).

What To Bring

Students are required to bring their own laptop that meets the following specs:
  • VMware Workstation 10+ or VMware Fusion 7+.
  • 30 GB of free HDD space.

Programme Structure

This programme will cover the following topics:
  • Malware Autopsy
  • Running Malware
  • x86 Assembly Language
  • IDA Pro and Disassembly Analysis

    Full Fee

    Full programme fee

    S$2137

    8% GST on nett programme fee

    S$192.33

    Total nett programme fee payable, including GST

    S$2329.33
    With effect from 1 Jan 2024



    Agency-sponsored

    Step 1 Apply through your organisation's training request system.

    Step 2 Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the programme.

    Your organisation will send registration information to the academy.

    Organisation HR L&D or equivalent staff can click here for details of the registration submission process.


    Step 3 GovTech Digital Academy will inform you whether you have been successful in enrolment.