Almost every Incident Response involves some Trojan, back door, virus component, or rootkit. Incident Responders must be able to perform rapid analysis on the malware encountered in an effort to determine the purpose of unknown code. MANDIANT's malware analysis courses provide students with in-class demonstrations, exercises where the students follow along with the instructor, and labs where the students practice what they have learned on their own.
Courses Offered
Introduction to Malware Analysis
Almost every Incident Response involves some Trojan, back door, virus component or rootkit. Incident Responders must be able to perform rapid analysis on the malware encountered in an effort to determine the purpose of unknown code. Without understanding the function of the malware, remediation efforts usually fail to meet expectations. This course provides an introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable programs found on Windows systems.
Students will learn:
- The primary types of malware – A malware bestiary
- How to create a safe malware analysis environment
- Malware analysis shortcuts
- The malware analysis and reporting process
- Legal issues involving malware analysis and reverse engineering
- Methodologies: the differences between static and dynamic analysis
- How malware discovered on real systems was used as part of an elaborate intrusion
- Bits, bytes, binary, decimal, hexadecimal and converting values between the various numbering conventions
- Code, compilers and compilation
- The tools used to identify obfuscation methods used by malware authors and the tools used by analysts to recover the “hidden” data
- The fundamentals of assembly language programming
- How to perform dynamic analysis using virtual machines and system monitoring utilities to capture the system, registry and network activity generated during malware analysis
Intermediate Malware Analysis
The malware author’s evil job is to develop software that can collect and return data, run undetected, frustrate reverse-engineering efforts, and make detection almost impossible. This course builds on the material presented in the Introduction to Malware Analysis course and focuses on three topic areas that are key for successful malware reverse engineering: disassembly, debugging, and Windows internals.
Students will learn:
- Static Program Analysis Methodology
- Dynamic Program Analysis Methodology
- Windows Internals and APIs
- Use of IDA Pro
- Debugging Programs
- Advanced Use of the OllyDbg debugger
Advanced Malware Analysis
Many malware authors take deliberate steps to thwart the reverse engineering of their tools. Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques. This course focuses on advanced topic areas related to combating malware defense mechanisms, and as such, a practiced and robust malware analysis skill set is required. Before learning specific malware anti-analysis techniques, students will arm themselves with critical skills by learning to script IDA Pro and various debuggers to overcome challenging or repetitive tasks. Students will learn detailed information about defeating packed and armored executables and be challenged to defeat several difficult specimens throughout the course. Malware stealth techniques such as process injection and rootkit technology will be introduced and tools and methodologies will be presented to aid analysis of such techniques.
Students will learn:
- IDA Pro Scripting
- Scriptable Debuggers
- How to Conduct Analysis of Nontraditional Programs
- How to Unpack Strongly Protected Binaries
- How to Defeat Anti-Reverse Engineering Techniques
- How to Recognize and Defeat Data Encryption and Encoding Techniques
- How to Capture and Analyze Stealth Malware
Contact education@mandiant.com to find out where our award-winning courses are being offered or to set up a private class.