Course Description
Dynamic Malware Analysis and Reverse Engineering with x64dbg is a comprehensive course designed to equip cybersecurity professionals, malware analysts, and aspiring reverse engineers with the knowledge and skills necessary to debug, analyze, and understand the behavior of malicious software. Throughout this course, participants will delve into various aspects of malware analysis using the powerful x64dbg debugger tool, gaining hands-on experience in uncovering the inner workings of different types of malware, providing with hands on labs how the malware can hide it self into a packer or using anti-analysis techniques, and how to detect those and overcome them.
Pricing Options
Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us. We're here to help!
Course Curriculum
-
01
Introduction to X64dbg
-
Disassemblers and Debuggers
-
User-Mode and Kernel-Mode Debugging
-
Popular Debuggers for Malware Analysis
-
Overview Windows of x64dbg
-
Toolbar Icons
-
Tabs
-
Main Windows
-
x64dbg Window Relating to Registers
-
x64dbg Window Relating to Stack Memory
-
x64dbg Stack and Data Window
-
x64dbg Dump Data Window
-
-
02
Using a X64dbg Debugger
-
Start Debugging
-
Using Debugging
-
-
03
Static Malware Analysis
-
Static malware analysis Start Debugging
-
x64dbg Stepping
-
Example #1
-
Setting Breakpoints and Pausing Execution
-
Example #2
-
-
04
Bypass Anti-Debugging
-
Anti Debugging
-
PEB Structure
-
Being Debugged
-
How to Bypass Being Debugged Anti-Debug Trick
-
-
05
Unpacking UPX Packed Malware
-
Packed Binary
-
Manual Unpacking Process
-
Packed Binary Determination Process
-
Example of Unpacking Process
-
Using Scylla to Dump The Unpacked Process
-
-
06
Dump Malware Payload via x64dbg
-
Shellcode and Process Injection
-
Shellcode Extraction Process
-
-
07
Hands-on Labs
-
Lab #1: Debugging 101
-
Lab #1: Debugging 101 - Solutions
-
Lab #2: Debugging
-
Lab #2: Debugging - Solutions
-
Lab #3: Debugging
-
Lab #3: Debugging - Solutions
-
Lab #4: Debugging
-
Lab #4: Debugging - Solutions
-
Lab #5: Debugging
-
Lab #5: Debugging - Solutions
-
Lab #6: Debugging
-
Lab #6: Debugging - Solutions
-
Learning Outcomes
After completing this course, you will learn the following:
-
Understand the distinctions between disassemblers and debuggers and their roles in malware analysis
-
Differentiate between user-mode and kernel-mode debugging and the challenges associated with each
-
Using x64dbg Debugger: Master the functionality of the x64dbg debugger tool, including setting breakpoints, examining memory, inspecting registers, and tracing program execution flow
-
Learn dynamic analysis techniques to analyze malware behavior during runtime, such as process monitoring, API hooking, and code injection detection
-
Develop skills in unpacking packed binaries using x64dbg, including identifying packers, determining original entry points, and extracting unpacked code
-
Discover strategies to bypass anti-debugging mechanisms employed by malware
-
Practice extracting and decoding injected shellcode from memory dumps obtained during dynamic analysis from malware using x64dbg
-
Explore various process injection techniques used by malware to execute shellcode within the address space of legitimate processes
-
Develop skills in reconstructing the execution flow of injected shellcode and identifying its intended functionality
Technical Requirements
For the hands-on labs in this course
-
Internet Connection
-
Workstation with at least 16GB RAM and 100GB Disk Space
-
Operating System (Windows or Linux)
-
VirtualBox or VMWare (hypervisor)
What is next at Cyber 5W?
Add your email to the mailing list to get the latest updates