Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics and incident response. Adversaries are becoming more sophisticated and carrying out advanced malware attacks on critical infrastructures, Data Centers, private and public organizations. This makes detecting, responding and investigating such intrusions increasingly critical for information security professionals. Malware analysis and memory forensics have become a must-have skill for fighting advanced malwares, targeted attacks and security breaches.
This course will introduce attendees to basics of malware analysis,reverse engineering, Windows internals and memory forensics. It will then gradually progress deeper into more advanced concepts of memory forensics.
This course uses hands-on labs using real world malware samples and infected memory images (Crimewares, APT malwares, Rootkits etc) to help attendees gain better understanding of the subject. The training also shows how these techniques can be incorporated in a sandbox to automate malware analysis. After taking this course attendees will be equipped with skill to analyze, investigate and respond to malware related incidents.
Students will be provided with:
– Course material
– Lab solution material
– Videos used in the course
– Malware samples used in the course/labs
– Memory Images used in the course/labs
– Custom Scripts
– Linux VM (to be opened with VMware Workstation/Fusion) containing necessary tools and samples
This course is intended for anyone interested in learning malware analysis and memory forensics.
“It is an excellent Malware introductory course which helps me to learn basic ideas and provide a guideline for further study in the future”
“Well organised & run”
“Particularly appreciative of how the course materials were well-prepared, and how informative [the] explanations were”
“Great course. Next time I would like to be on site.”
“Duration (3 days) was a bit too cramp for the topics to be covered.”
The course assumes no prior knowledge of the subject and starts from the basics and slowly progresses towards advanced topics.
– Students Should be familiar with using Windows/Linux
– Students Should have an understanding of programming concepts, while programming experience is not mandatory.
– Students Should have basic understanding of malware and its role in cyber attacks
– Laptop with minimum 6GB RAM and 40GB free hard disk space
– Laptop with USB ports – lab samples, and custom Linux VM will be shared via USB sticks
– VMware Workstation or VMware Fusion (even trial versions can be used).
– Windows Operating system (preferably Windows 10 64-bit, even Windows 8 and Windows 7 versions are fine) installed inside the VMware Workstation/Fusion. Students must have full administrator access for the Windows operating system installed inside the VMware Workstation/Fusion.
Note: VMware Player or VirtualBox is not suitable for this training.