Training Courses
Malware Analysis
Malware Analysis Crash Course
Almost every Incident Response requires analysis of attacker malware such as trojans, back doors, or rootkits. Incident Responders must be able to perform rapid analysis on malware encountered to determine the purpose of the malicious code. The Mandiant Malware Analysis Crash Course provides a fast-moving introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable programs found on Windows systems. Students will learn how to infer the functionality of a program by analyzing disassembly and observing the changes on the system as it runs; how to extract investigative leads from host- and network-based indicators associated with a malicious program; and how to identify specific coding constructs in disassembly. Students will learn the art of dynamic analysis and about Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and exercises to reinforce key concepts.
Malware Analysis Boot Camp
Almost every Incident Response requires analysis of attacker malware such as trojans, back doors, or rootkits. Incident Responders must be able to perform rapid analysis of malware encountered to determine the purpose of the malicious code. The Mandiant Malware Analysis Boot Camp provides a fast-moving introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable programs found on Windows systems. Students will learn how to determine the functionality of a program by analyzing disassembly and observing the changes made to the system as it runs; how to extract investigative leads from host- and network-based indicators associated with a malicious program; and how to identify specific coding constructs in disassembly. Additional topics will include the art of dynamic analysis and several Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and instructor-led exercises. Students also complete labs to reinforce key concepts.
Introduction to Malware Analysis
Almost every Incident Response requires analysis of attacker malware such as trojans, back doors, or rootkits. Incident Responders must be able to perform rapid analysis on malware encountered to determine the purpose of the malicious code. During malware analysis, the analyst must determine how the malware operates, what functionality is built in, and what attacker-controlled domains or Internet Protocol (IP) addresses it communicates with. Failing to understand the malware's functionality threatens all remediation efforts. This course, developed and taught by Mandiant malware analysts, provides an introduction to the tools and methodologies used to perform dynamic and static analysis on portable executable programs found on Windows systems.
Intermediate Malware Analysis
The malware author’s job is to develop software that can collect and return data, run undetected, frustrate reverse-engineering efforts and make detection as difficult as possible. Building on the material presented in our Mandiant Introduction to Malware Analysis, this course focuses on three areas critical to successful malware reverse engineering: disassembly, debugging and Windows internals.
Other topics covered include: dynamic analysis, identification of host- and network-based indicators and Windows APIs often used by malware authors. All concepts and material presented are reinforced with demonstrations, real-world case studies, follow-along exercises and student labs that allow students to practice what they have learned.
Advanced Malware Analysis
As malware authors continue to improve in their efforts to thwart the reverse engineering of their tools, analysts must learn to combat this sophisticated malware by studying its anti-analysis techniques. This course is focused on advanced topics related to combating malware defense mechanisms. Designed for the experienced malware analyst, the course teaches students to create scripts for IDA Pro and various debuggers to overcome challenging or repetitive tasks. Students will also learn how to defeat packed and armored executables and will be challenged to demonstrate these skills several times throughout the course.
Additional topics covered will include malware stealth techniques such as process injection and rootkit technology along with tools and techniques to aid in their analysis. All concepts and material presented are reinforced with demonstrations, real-world case studies, follow-along exercises and student labs to allow students to practice what they have learned.
Malware Analysis
Almost every computer incident involves some trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to determine the purpose of unknown code. This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems. Students will learn to infer the functionality of a program by analyzing disassembly and by watching how it changes a system as it runs in a debugger. They will learn how to extract investigative leads from host- and network-based indicators associated with a malicious program and how to identify specific coding constructs in disassembly. They will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations, exercises where the students follow along with the instructor, and labs with real malware where the students practice what they have learned on their own.
Network Investigations
Wireless Security
Wireless computing devices are everywhere and new products seem to appear daily. The explosive growth of wireless devices also brings an increased risk to networks permitting wireless access. As a result, network security personnel must understand the risk of wireless computing. The Mandiant Wireless Security course is a two-day class specifically designed for information security professionals who support wireless environments. It is a hands-on course presented from the attacker’s perspective and helps students understand the wireless attacker methodology. The course includes case studies and lab exercises to reinforce wireless security concepts and materials.
Network Traffic Analysis
Sophisticated attackers frequently go undetected in a victim network for an extended period of time. Attackers know how to blend their traffic with legitimate traffic, and only the skilled network traffic analyst will know how to find them. Network traffic analysis is a critical skill set for any organization. Mandiant's intense three-day Network Traffic Analysis course prepares students to face the challenge of identifying malicious network activity. The course provides students an overview of network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. The course consists of lecture and multiple hands-on labs to reinforce technical concepts.
Network Investigative Techniques
Incident response teams often overlook readily available resources that can help quickly identify attacker activity. Responders greatly improve their chances of identifying attackers if they recognize how to tap all available sources of evidence. The Mandiant Network Investigative Techniques course provides students a comprehensive overview of technologies, techniques and resources incident response teams can use to quickly identify attacker activity. The course provides a thorough overview of network technologies, sources of evidence and techniques to track attacker activity across the enterprise network. The course reinforces critical concepts through case studies and hands-on exercises.
Cyber Crime & Incident Response
Enterprise Incident Response with MIR
As the sophistication of malicious attacks and the threats they pose continue to increase, Mandiant has raised the bar for effective detection, response and remediation by introducing Mandiant Intelligent Response® (MIR). MIR is designed from the ground up with incident response best practices in mind. Using MIR, you will respond rapidly, accurately and thoroughly during each and every incident.
This class has been specifically designed for information security professionals and analysts who respond to computer security incidents using the MIR solution. It is designed as an operational course, using case studies and hands-on lab exercises to ensure students are gaining experience in each topic area.
Introduction to Cyber Crime for Executives
Network security breaches transform calm working environments into high-stress battle zones that require executives to rapidly make key decisions impacting the company and the investigation. Informed executives are better equipped to understand the threat and make the right decisions in minimal time. The Mandiant Introduction to Cyber Crime for Executives course was developed to educate senior staff on cyber-crime and incident response. During the course, instructors walk students through a scenario based on real-world intrusions involving sophisticated attackers. The scenario is presented from both the attacker and victim perspectives. Throughout the course, instructors teach students about the tactics and technologies used by the victim and attackers. The scenario illustrates the most common method attackers use to establish a foothold and remain undetected in the victim network. The class discusses the pros and cons of the various courses of action available to the victim. The course provides students critical insight into the many issues investigators and victim organizations face in defending networks and responding to security breaches.
Advanced Memory Forensics in Incident Response
Many information security companies offer digital forensic services; however, few offer memory forensics services. As an industry, information security organizations consistently overlook some of the most important data in an investigation. Attackers know this. Forensic analysts can no longer rely on getting all of the information they need from the hard drive. Since there are many examples of malware that never touch the drive, drive analysis may lead to one conclusion while memory analysis leads to quite another.
In performing Windows memory analysis, the class focuses on the use of freeware and open source tools to perform advanced memory analysis. Students will also be taught the concepts necessary to extend these tools or build new ones where the existing toolset does not meet all the needs of a particular incident.
This course combines and builds on the student’s skill in reverse engineering, malware analysis and programming.
UNIX and Windows Investigations
Windows Investigations
Attacks against systems running the Windows family of operating systems continue to increase in frequency and sophistication. In order to effectively respond to the escalating threat, organizations must have skilled information security staff able to rapidly detect and remove threats. Mandiant developed the Mandiant Windows Investigations course to provide information security personnel the fundamental skills needed to quickly identify and eliminate sophisticated threats targeting Windows operating systems. The course is based on the real-world experience of Mandiant consultants who have years of experience combating sophisticated attacks. The course includes relevant case studies and reinforces key concepts with hands-on exercises. The hands-on approach ensures students gain practical experience in each critical area discussed.
UNIX Investigations
Attacks against systems running variants of the Unix operating system are on the rise. In order to effectively respond to the escalating threat, organizations must have skilled information security staff able to rapidly detect and remove threats. Mandiant developed the Mandiant UNIX Investigations course to provide information security personnel the fundamental skills needed to quickly identify and eliminate sophisticated threats targeting UNIX or variants of the UNIX operating systems. The course is based on the real-world experience of Mandiant consultants who have years of experience combating sophisticated attacks. The course includes relevant case studies and reinforces key concepts with hands-on exercises. The hands-on approach ensures students gain practical experience in each critical area discussed.
Linux for Security Professionals
The Mandiant Linux for Security Professionals course introduces Information Security Professionals to the Linux operating system and helps prepare them to conduct investigations in a UNIX environment. The course follows the “learn by doing” philosophy. Students perform Linux/UNIX commands and discover how the operating system functions. Attendees will primarily operate in the command line environment.