MANDIANT ACADEMY™

Malware Analysis Crash Course

Instructor-led training course

Course Description

This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. The course explains how to determine the functionality of a program by analyzing its disassembly and observing how it modifies a system and its resources as it runs in a debugger.

The course discusses how to extract host- and network-based indicators from a malicious program. It also covers dynamic analysis and the Windows APIs most often used by malware authors. Each section includes in-class demonstrations and hands-on labs with real malware so learners can apply their new skills.

Learning Objectives

After completing this course, learners should be able to:

  • Quickly perform a malware autopsy
  • Understand basic yet effective methods for analyzing running malware in a safe environment, such as virtual machines
  • Understand the basics of the x86 assembly language
  • Use IDA Pro, the main tool for disassembly analysis
  • Understand a wide range of Windows-specific concepts that are relevant to analyzing Windows malware
  • Monitor and change malware behavior, as it runs, at a low level

Who should attend

Software developers, information security professionals, incident responders, computer security researchers, corporate investigators and others who need to understand how malware operates and the processes involved in performing malware analysis.

Prerequisites

Excellent knowledge of computer and operating system fundamentals. Computer programming fundamentals and Windows Internals experience are highly recommended.

Delivery method

In-classroom instructor-led training available globally; virtual instructor-led training available in North American Time Zones (Pacific to Eastern).

Duration

  • 3 days (in-person delivery)
  • 4 days (virtual delivery)

What to bring

Students are required to bring their own laptop that meets the following specs:

  • VMware Workstation 10+ or VMware Fusion 7+
  • 30 GB of free HDD space