Course Description

This course focuses on the end results expected from the malware analyst after finishing his job with a specific malware, it’s about how to detect this malware on other machines, how to prevent this malware from infecting others, and how to automate extracting IOCs from different samples of the same malware.
Also, this course helps malware researchers with hunting specific malware family samples and do mass detection using different threat hunting techniques.

Pricing Options

Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • Malware Detection & Hunting

    Course Material + 40 hours of virtual lab access

    $100.00

    Buy Now

  • Malware Detection & Hunting

    Course Material - No virtual lab access

    $50.00

    Buy Now

Course Curriculum

  • 01

    Introduction

    • Course Description

    • Overview of Indicators of Compromise (IOCs)

    • IoCs Sharing

    • Overview of Yara Detection
  • 02

    Yara Language Fundamentals

    • Rule Structure

    • Rule Syntax - Pattern

    • Rule Syntax - Conditions

    • Rule Syntax - Modules

    • Avoiding False Positives

    • Crafting Effective Yara Rule
  • 03

    Testing Yara Rules

    • Samples Collection

    • Yara Testing
  • 04

    Exercises

    • Lab #1

    • Lab #1 - Solutions

    • Lab #2

    • Lab #2 - Solutions
  • 05

    Automated Configuration Extraction

    • Automated Configuration Extraction

    • Writing Configuration Extractors

    • Writing Configuration Extractors for NET Sample

    • Lab #1

    • Lab #1 - Solutions
  • 06

    Sigma Rule for Detection

    • Introduction

    • Sigma Rule Types

    • Understanding Sigma Rule Key Component

    • Metadata

    • Log Source

    • Detection

    • Writing a Sigma Rule for Malware Sample

    • Lab #1

    • Lab #1 - Solutions

Learning Outcomes

After completing this course, you will learn the following:

  • Understanding the significance of Indicators of Compromise (IOCs)

  • Analyzing the importance of sharing IOCs within the cybersecurity community

  • Introducing Yara detection as a powerful tool in identifying and classifying malware

  • Understanding the syntax of Yara rules

  • A step-by-step guide to crafting Yara rules that accurately identify specific threats

  • Understand what malware Configuration Extractors are, and why we use them

  • Writing Configuration extractor for managed and unmanaged code

  • Proactively detect threads using Sigma Rules.

  • Learning how to write an efficient Sigma Rule

  • Learning how to test Sigma Rules locally

Technical Requirements

For the hands-on labs in this course

  • Internet Connection

  • Workstation with at least 16GB RAM and 100GB Disk Space

  • Operating System (Windows or Linux)

  • VirtualBox or VMWare (hypervisor)

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates