Course Information
Registration period
Year-round Recruitment
Course Level
Study Mode
Duration
5 Hour(s) 32 Minute(s)
Language
English
Taught by
Cristina Gheorghisan
Rating
Course Overview
Tools and Techniques for Windows Malware Analysis
The aim of this course is to cover the essentials techniques and tools for reverse engineering and malware analysis. As the title suggests, we will cover only the Windows environment in this class, since it is by far the most used and abused. We try to provide a complete picture for the starting reverse engineer but in the same time relevant for the more advanced analysts.
There are always multiple ways to do a task. We will insist more on "Why?"s instead of "How?"s since we consider that it's more important to understand WHAT we're trying to achieve and WHY.
There are no pre-requisites for this class other that a Windows virtual machine and the will to learn. All the tools discussed here are freely available online. Analyses are demonstrated on a Windows 8.1 virtual machine.
Don't worry! Neither professional programming experience nor assembly language knowledge are required to benefit from the course. If you know these already, it would be helpful when we’ll look at identifying encryption algorithms and bypass anti-virtualisation checks. The concepts will be explained clearly and additional resources will be recommended.
Some programming experience will definitely be beneficial, however, the focus will be mostly on understanding the technique, the tools and their most useful features. When needed, source code written in C or Python will be provided.
To get the most out of this course, we recommended to try all the exercises and assignments that follow the lectures and whenever a concept or idea is not fully explained or clearly understood, either reach out with questions on the Q&A section or consult online resources.
Course Content
- 4 section(s)
- 35 lecture(s)
- Section 1 Introduction
- Section 2 Building a virtual environment
- Section 3 Analysis Tools
- Section 4 Next steps
What You’ll Learn
- How to build a virtual environment for malware analysis, How to identify and bypass anti-virtualisation techniques, How to confidently use debuggers and disassemblers, Be able to analyse processes and perform low-level API monitoring, How to monitor changes to the Registry and the file system, Learn how to intercept and investigate network traffic, Execute samples inside a sandbox, extract and analyse artefacts, Become comfortable with tools for static analysis, How to identify packers automatically and manually
Skills covered in this course
Reviews
-
DDominik Maślak
very professional material
-
JJoost Agterhoek
Very practical, explains all the concepts well and drives it home with practice and labs. Also, great and patient speaker/teacher.
-
AAdam Willerton
I enjoyed the course a lot and feel like I learned a lot. I have some previous knowledge in the field, and it was sometimes used to fix some compatibility issues with the tools, but other than that I had no issues with the course
-
SSteve Schmidt
Christina does a very good job with conveying technical information. She makes the material relevant and interesting. Christina, thank you for a very good course.
