C5W-500 MALWARE ANALYSIS

On-Demand Course Includes:
Course Material | Labs | Certification Exam

Regular Enrollment

$500.00

Enroll Now

with-40h-labs

$550.00

Enroll Now

Dive into our comprehensive Malware Analysis course, designed to elevate enthusiasts from beginners to experts in tackling digital threats. This journey unravels the essential techniques and tools for identifying, analyzing, and neutralizing malware. With a combination of theoretical insights and practical exercises, including more than 45 hands-on labs, learners will master static and dynamic analysis, dissect complex malware with leading tools like IDA Pro and Ghidra, and delve into the specifics of handling readable/uncompiled code. Additionally, students will become proficient in extracting Indicators of Compromise (IOCs) and crafting precise YARA rules to detect and mitigate threats effectively. Culminating in a certification exam, this course offers a pathway to not only gain a thorough understanding of malware's inner workings but also to achieve recognition for your expertise in the field. Whether you're looking to start a career in cybersecurity, enhance your current skills, or secure your digital environment, this course provides the knowledge and hands-on experience needed to face malware threats head-on. Learners who complete the course and pass the exam will earn the C5W Certified Malware Analyst (CCMA).

1. Welcome & Lab Access
1. Required Files
2. Introduction
3. Installing VirtualBox
4. Installing Remnux VM
5. Common Terminology
6. Malware Analysis Stages
7. Initial File Triage
8. Lab #1 - Initial Triage 1
9. Lab #1 - Initial Triage (Solution)
10. Lab #2 - Initial Triage 2
11. Lab #2 - Initial Triage 2 (Solution)
12. Introduction to Sandboxes
13. Virustotal Sandbox
14. Triage Sandbox
15. ANY.RUN Sandbox
16. Disadvantages of Sandboxes
17. Public Intelligence
18. Lab #3 - Public Intelligence
19. Lab #3 - Public Intelligence (Solution)
20. Public Detections
1. Required Files
2. Introduction to PE Files
3. DOS Header
4. NT Headers
5. Section Headers
6. Data Directories
7. Lab #1 - Sample 1 Static Analysis
8. Lab #1 - Sample 1 Static Analysis (Solution)
9. Lab #2 - Sample 2 Static Analysis
10. Lab #2 - Sample 2 Static Analysis (Solution)
11. Lab #3 - Sample 3 Static Analysis
12. Lab #3 - Sample 3 Static Analysis (Solution)
13. Introduction to Win32 API
14. Windows Coding Conventions
15. Common Win32 API Functions
16. Lab #4 - Sample 4 Static Analysis
17. Lab #4 - Sample 4 Static Analysis (Solution)
18. Code Compilation Process
19. Introduction to x86 Assembly
20. Data Movement Instructions
21. Arithmetic Instructions
22. Bitwise Instructions
23. Conditional and Branching Instructions
24. Stack Instructions
25. Lab #5 - Sample 5 Static Analysis
26. Lab #5 - Sample 5 Static Analysis (Solution)
27. Lab #6 - Sample 6 Static Analysis
28. Lab #6 - Sample 6 Static Analysis (Solution)
1. Required Files
2. Windows Architecture Part 1
3. Windows Architecture Part 2
4. Windows Architecture Part 3
5. Introduction to Dynamic Analysis
6. Monitoring System Processes
7. Monitoring System Events
8. Monitoring Autoruns
9. Monitoring API Calls
10. Lab #1: Sample 1 Dynamic Analysis
11. Lab #1: Sample 1 Dynamic Analysis - (Solution)
12. Lab #2: Sample 2 Dynamic Analysis
13. Lab #2: Sample 2 Dynamic Analysis - (Solution)
14. Lab #3: Sample 3 Dynamic Analysis
15. Lab #3: Sample 3 Dynamic Analysis - (Solution)
16. Introduction to Network Analysis Tools
17. Analyzing Malware Traffic
18. Lab #4: Sample 4 Dynamic Analysis
19. Lab #4: Sample 4 Dynamic Analysis - (Solution)
20. Lab #5: Sample 5 Dynamic Analysis
21. Lab #5: Sample 5 Dynamic Analysis - (Solution)
22. Using ProcessHacker to Detect Installed Windows Services
23. Resource(s)
1. Required Files
2. Introduction to Malware Capabilities
3. Information Stealing
4. Data Encoding and Encryption
5. Process Injection
6. Code Obfuscation
7. Lab #1: Static Malware Analysis 102 -IDA PRO
8. Lab #1: Static Malware Analysis 102 -IDA PRO - Solution
9. Introduction to IDA Pro Part 1
10. Introduction to IDA Pro Part 2
11. Introduction to IDA Pro Part 3
12. Initial Sample Analysis I
13. Lab #2 - Information Stealer - IDA
14. Lab #2 - Information Stealer - IDA (Solution)
15. Initial Sample Analysis II
16. Lab #3 - Ransomware - IDA
17. Lab #3 - Ransomware - IDA (Solution)
18. Initial Sample Analysis III
19. Lab #4 - Obfuscation Techniques - IDA
20. Lab #4 - Obfuscation Techniques - IDA (Solution)
21. x86 Assembly Crash Course (Extra Reading)
1. Required Files
2. Introduction to Malware Capabilities
3. Information Stealing
4. Data Encoding and Encryption
5. Process Injection
6. Code Obfuscation
7. Lab #1: Static Malware Analysis 102 - Ghidra
8. Lab #1: Static Malware Analysis 102 - Ghidra - (Solution)
9. Introduction to Ghidra Part 1
10. Introduction to Ghidra Part 2
11. Introduction to Ghidra Part 3
12. Initial Sample Analysis I
13. Lab #2 - Information Stealer - Ghidra
14. Lab #2 - Information Stealer - Ghidra (Solution)
15. Initial Sample Analysis II
16. Lab #3 - Ransomware - Ghidra
17. Lab #3 - Ransomware - Ghidra (Solution)
18. Initial Sample Analysis III
19. Lab #4 - Obfuscation Techniques - Ghidra
20. Lab #4 - Obfuscation Techniques - Ghidra (Solution)
1. Required Files
2. Intro to Debugging and x64dbg - Part 1
3. Intro to x64dbg - Part 2
4. Using x64dbg Debugger
5. Static Malware Analysis using x64dbg Debugger
6. Bypassing Anti-Debugging with x64dbg
7. Unpacking UPX Packed Malware
8. Dumping Malware Payload using x64dbg
9. Lab #1: Debugging 101
10. Lab #1: Debugging 101 - Solutions
11. Lab #2: Debugging
12. Lab #2: Debugging - Solutions
13. Lab #3: Debugging
14. Lab #3: Debugging - Solutions
15. Lab #4: Debugging
16. Lab #4: Debugging - Solutions
17. Lab #5: Debugging
18. Lab #5: Debugging - Solutions
19. Lab #6: Debugging
20. Lab #6: Debugging - Solutions
1. Required Files
2. Overview of Managed Code
3. Managed Code Vs Unmanaged Code
4. Significance of Managed Code in Malware Analysis
5. Analysis of .net Malware - Static Analysis
6. Analysis of .net Malware - Code Analysis
7. Advanced dnSpy Features - Execution Tracing
8. Advanced dnSpy Features - Conditional Breakpoint
9. 6. Advanced dnSpy Features - Locals \ Watches
10. Lab #1
11. Lab #1 - Solutions
12. Scripts Analysis
13. Lab #2
14. Lab #2 - Solutions
15. Documents Analysis
16. Lab #3
17. Lab #3 - Solutions
1. Required Files
2. Introduction
3. Yara Language Fundamentals
4. Avoiding False Positives
5. Crafting Effective Yara Rule
6. Testing Yara Rules
7. Lab #1 - Extracting IOCs
8. Lab #1 - Extracting IOCs (Solutions)
9. Lab #2 - Writing Yara Rules
10. Lab #2 - Writing Yara Rules (Solutions)
11. Writing YARA Rules 101
12. Writing More YARA Rules
1. Further Readings
2. Tools - Updated

Frequently asked questions

How do I purchase a course?

You can enroll in any course directly through our platform using secure online payment.
How do I access my course after enrollment?

Once payment is complete, you will be redirected to the course and receive a confirmation email. You may also log in at any time to access your content via the My Dashboard section.
How long will I have access to the course material?

Lifetime access while the course remains available, with a guaranteed minimum of 1 year, even if it is updated or retired.
What are the general technical requirements?
Our platform is accessible from any device with internet access. For hands-on labs, we recommend:

A modern operating system capable of running virtual machines

8 GB RAM (minimum)

500 GB disk space

Hypervisor software: Virtualbox, VMWare, HyperV, etc

Alternatively, we offer fully hosted Virtual Labs that allow you to complete technical exercises via the cloud. Please check our labs at: labs.cyber5w.com.
Can I ask for help if I don't understand something?

Of course! Reach out by email anytime.
What is the expected time commitment for each course?

Each course is self-paced and designed to accommodate different learning speeds. The time you'll need depends on your current knowledge, experience, and how deeply you choose to engage with the materials and hands-on labs.
Do you offer student discounts?

Yes, we offer a 25% discount to verified university or college students (must register with a valid academic email). Please contact us at [email protected] after registering and before purchasing.
Do you offer law enforcement and military professionals discounts?

Yes, we offer a 25% discount to active law enforcement and military professionals (official verification required). Please contact us at [email protected] after registering and before purchasing.
Do you offer corporate training or customized training solutions?

Absolutely. We provide customized training solutions for teams, security operations centers, and government entities, including on-site workshops, simulations, and private lab access. Please contact us at [email protected] for arrangement.
Do your courses include Certificate of Completion?

All of our courses include a Certificate of Completion, awarded upon successful completion of lessons, labs, or a final exam (where applicable). These certificates are designed to support your professional development in the DFIR and cybersecurity fields.
Do you deliver on-site training for employees?

Yes, we tailor on-site training programs to your team's specific needs. Please contact us to discuss options, dates, and pricing.
Do you travel internationally?

Yes. Our instructors can deliver on-site training globally. Travel expenses will apply.
How long are your on-site training sessions?

Courses can range from one-day workshops to multi-week immersive programs, depending on your goals.
Can we customize the syllabus?

Absolutely! We work with you to design a tailored syllabus that matches your team's skill level and focus areas.
Do you provide virtual lab access?

Yes, all labs are accessible at labs.cyber5w.com.
What if my computer isn't good enough for the labs?

No worries, you can complete all exercises in our prebuilt virtual lab environment. No special hardware is needed, only a modern web browser to access the online labs.
What software or tools are installed in the virtual labs?

Each lab comes preloaded with the tools you'll need to successfully complete the exercises in the course you are learning.
How long do I have access to the labs?

Your virtual lab access comes with a predefined set of hours, but you can extend the lab access time as preferred (optional).
What professional certifications can I earn?
Cyber5W offers a series of hands-on, industry-recognized certifications to validate your expertise in digital forensics and threat analysis. These certifications are available as optional exams after completing the relevant training.

Cyber 5W Certified Digital Forensic Analyst (CCDFA)

Cyber 5W Certified Linux Forensic Analyst (CCLFA)

Cyber 5W Certified Malware Analyst (CCMA)

Cyber 5W Certified Threat Analyst (CCTA)

Note: Detailed exam requirements, structure, and registration links are available on each certification's dedicated page. Each exam comes with 1 retake.
I'm new to DFIR, which professional certifications are available for beginners?
Cyber 5W Certified Digital Forensics Evidence Handler

Cyber 5W Certified Digital Forensics Foundations)

Note: DetailedDetailed exam requirements, structure, and registration links are available on each certification's dedicated page.
Can I retake a test if I do not pass the exam?

Yes, we allow multiple retake attempts. Check your exam specifics or contact support if you need further help.
What support is available during an exam?

You may email [email protected] for logistics and technical issues, but no exam-specific assistance will be provided.
How are CYBER 5W certification exams different from traditional tests?

At CYBER 5W, our certification exams are skill-based, not just multiple-choice. We assess your practical knowledge through real-world tasks to ensure you can apply what you've learned.

Still have questions?

Can't find the answer you're looking for? Please chat to our friendly team.

Get in touch

Stay ahead in DFIR!

Sign up for the latest findings, field advancements, and updates on upcoming webinars, conferences, seminars, and free courses.

C5W-500 MALWARE ANALYSIS

Regular Enrollment

$500.00

with-40h-labs

$550.00

Required Files

Introduction to Malware Analysis

Static Malware Analysis 101

Dynamic Malware Analysis 101

Static Malware Analysis 102 - IDA Pro

Static Malware Analysis 102 - Ghidra

Dynamic Malware Analysis 102

Analyzing Managed Code (readable/uncompiled)

Extracting IOCs and writing YARA Rules

Resources

Frequently asked questions

Still have questions?

Stay ahead in DFIR!