Course Description

Dive into our comprehensive Malware Analysis course, designed to elevate enthusiasts from beginners to experts in tackling digital threats. This journey unravels the essential techniques and tools for identifying, analyzing, and neutralizing malware. With a combination of theoretical insights and practical exercises, including more than 30 hands-on labs, learners will master static and dynamic analysis, dissect complex malware with leading tools like IDA Pro and Ghidra, and delve into the specifics of handling readable/uncompiled code.


Additionally, students will become proficient in extracting Indicators of Compromise (IOCs) and crafting precise YARA rules to detect and mitigate threats effectively. Culminating in a certification exam, this course offers a pathway to not only gain a thorough understanding of malware's inner workings but also to achieve recognition for your expertise in the field. Whether you're looking to start a career in cybersecurity, enhance your current skills, or secure your digital environment, this course provides the knowledge and hands-on experience needed to face malware threats head-on.

Training Delivery Details

On Demand: Material | Certification of Completion

The course material includes 33 Hands-on Labs

Pricing Options

Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us; we are here to help! Please note that this course does not include our C5W Certified Malware Analyst (CCMA) exam or extra labs.

  • C5W-500 MALWARE ANALYSIS

    No virtual lab access

    $500.00

  • C5W-500 MALWARE ANALYSIS

    Includes 40 hours of virtual lab access

    $550.00


Syllabus

  • Introduction to Malware Analysis

    This foundational module is designed to provide students with a comprehensive understanding of malware, its various types, distribution methods, and the critical role of malware analysis in the cybersecurity ecosystem. This module sets the groundwork for aspiring malware analysts by covering the essentials of malware identification, analysis techniques, and the broader implications of malware in cyber threats.

  • Static Malware Analysis 101

    This module serves as the gateway to understanding the fundamentals of analyzing malware without executing the code. This module aims to equip participants with the skills to examine and analyze binary files, uncover malware signatures, and effectively use basic analysis tools. Through theoretical learning and practical exercises, students will gain insights into the inner workings of malware, identify its components, and learn how to use various tools to dissect malware statically.

  • Dynamic Malware Analysis 101

    This module introduces the foundational principles and practices involved in observing and analyzing malware behavior during execution. It is designed to equip participants with the knowledge and skills necessary to safely execute malware in controlled environments, enabling them to observe its interactions with system resources, network traffic, and other processes in real time. Through a combination of theoretical instruction and hands-on labs, students will learn to use various monitoring and analysis tools to gather data on malware behavior and understand its impact.

  • Static Malware Analysis 102 - IDA Pro

    This module takes a comprehensive look at static malware analysis using IDA Pro, the industry-standard tool for disassembling and debugging malware. IDA Pro enables analysts to dissect binary code into a readable format, providing invaluable insights into the inner workings of malicious software without executing it. This module is designed to equip participants with the skills to navigate IDA Pro's complex functionalities, enhancing their ability to uncover and understand malware functionality.

  • Static Malware Analysis 102 - Ghidra

    This module is dedicated to leveraging Ghidra, the open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA), for the purpose of conducting in-depth static analysis of malware. This module offers a comprehensive exploration into the functionalities and capabilities of Ghidra, guiding participants through the process of disassembling, analyzing, and understanding the code structure of malware without executing it.

  • Dynamic Malware Analysis 102

    This module explores advanced techniques for analyzing and understanding malware behavior through the use of debuggers and unpacking methods. This segment builds upon the foundational knowledge acquired in Dynamic Malware Analysis 101, taking students deeper into the intricacies of malware operation and evasion techniques. Participants will learn how to effectively use debuggers to step through malware execution, identify and alter malware behavior in real time, and apply unpacking techniques to reveal hidden code obscured by malware authors.

  • Analyzing Managed Code (readable/uncompiled)

    This is a specialized module designed to equip participants with the methodologies and tools required for analyzing managed code malware. Managed code, such as that written in .NET, Python, or Java, operates within a managed execution environment that handles memory allocation, security, and other runtime services. This module delves into techniques for dissecting and understanding the behavior of malware written in these high-level languages, without the need for compiling the code.

  • Extracting IOCs and writing YARA Rules

    This is a crucial module that provides an in-depth understanding of Indicators of Compromise (IOCs), which are pieces of information used to detect malware, phishing attempts, and other malicious activities. Additionally, the module covers the creation of YARA rules, a vital tool for the cybersecurity community to classify and identify malware samples.

Course Material

  • Slide Notes & Lab Documents

    Training material including the course slides, lab documents, and references for further reading.

  • Malware Samples

    A copy of all the malware samples used during the training. Many of the samples have been custom built for the training.

  • Certificates

    At the end of the course, you will receive a Certificate of Completion that proves you have attended the course.

    However, to obtain our C5W Certified Malware Analyst certification you will be required to take an exam.

Learning Objectives

After completing this course, the student will be able to perform the following:

  • Define and recognize various types of malware.

  • Analyze and interpret the behavior of malware specimens in controlled environments.

  • Identify common evasion techniques employed by malware.

  • Identify key indicators of compromise through static analysis.

  • Gain proficiency in executing malware in a controlled environment for behavioral analysis.

  • Learn to create and utilize signatures for the detection of known malware patterns.

  • Develop strategies for proactive malware detection.

  • Learn mitigation strategies to contain and eradicate malware infections.

  • Apply theoretical knowledge through hands-on exercises using real-world malware samples.

  • Develop practical skills in using malware analysis tools and platforms.

Prerequisites

This course assumes no previous knowledge in malware analysis. However, basic knowledge in computer science, programming, or any related field is highly desirable.

The Value of the Training

After completing this course, students will be able to demonstrate how to analyze malware, extract IOCs, and write a report about their analysis.

Who is this Training For?

Anyone who is willing to start a career in this field and needs the skills to do malware analysis, and also those who are curious about learning how to analyze malware.

System Requirements

What you need for the course:

1. Computer or laptop with a Linux/Windows/Mac Operating System.

2. Capability of running virtualization software (VMware or VirtualBox), and the attendee is comfortable running malware on it.

3. More than 50 GB of disk space for the VMs used.