Malware Analysis Master Course

This course combines a deep understanding of reverse engineering with rapid triage techniques to give students a broad capability to analyze malicious artifacts uncovered during incident response. By tailoring the instruction to rapid assessment of binaries, we equip students with the skills required to keep up with modern malware and quickly extract the data most valuable and pertinent to their investigations, including Indicators of Compromise (IOCs). Rapid RE includes considerable lab time using replicated enterprise networks and attacks as observed in the wild.

  • How real world attacks are carried out
  • File triage processes and techniques
  • Intelligence extraction techniques from malware
  • How to deal with binary obfuscation techniques
  • How to get indicators from a file in a hurry

Overview

Students will spend a significant amount of time creating their own custom tools in a lab environment. The labs are designed around the students working through the following:

  • Recognizing file format infections from various sources
  • Advanced triage capabilities
  • Extracting host and network indicators from file format exploits
  • Developing your own custom process tracing capabilities for IOC extraction
  • Rapid shellcode analysis using less common tools and techniques
  • Rapid binary de-obfuscation techniques with IDA Pro and debuggers
  • Rapid unpacking techniques

The labs are interwoven with the lectures so that students spend a significant amount of time exercising each new skill as they learn it. By the end of the class, students will have spent 50% of the time in a lab environment. A significant portion of the class is dedicated to building new tools on the fly to solve the challenges posed by a difficult adversary.

Trainer

This course is taught by experienced Mossé Security instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services across a multitude of industries, involving complex and multi-faceted engagements. Each of our instructors combines solid corporate experience with proven skill in presenting and teaching to groups.

Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.

Course Outline

Rapid inspection of various file formats

  • Metadata extraction from PE, PDF, and Office docs
  • Finding buried artifacts in files
  • Mobile malware metadata analysis

Assured Dynamic Analysis

  • Extracting Host IOCs from file formats with dynamic analysis
  • Working with DLLs
  • Splatter network IOC extraction and log file analysis
  • Memory Analysis

Assembly

  • x86 zero to hero
  • ARM zero to hero

Process Tracing for Rapid File Assessments

  • Intro to Intel PIN
  • Code tracing with Pin
  • Shellcode analysis with Pin

IDA Efficiencies

  • Intro to IDA Scripting
  • x86 emulation
  • De-obfuscation techniques

Unpacking

  • Using IDA for unpacking assistance
  • Unpacking in-memory

Android Auto Analysis

  • Android Internals
  • APK Reversing By Hand
  • Automated APK Reversing
  • ARM Bindings and Android

Enrollment & Fees

Fees

  • Ticket: $4,000.00 AUD excluding GST.

Terms and Conditions

  • Payment is made via our booking system or by contacting us to receive an invoice.
  • Payment is required at the time of booking.
  • Cancellation notifications within 14 days of the course's start date are not eligible for refund.
  • Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
  • Students are allowed 1 reschedule per class. Transfers received between 15 and 28 days prior to course commencement will be charged a $300 (incl. GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of the original scheduled date.
  • Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of the original scheduled date.
  • Payment must be made in full prior to any rescheduling.
  • Student substitutions can be made in writing 48 hours prior to a class start.
  • If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited. Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.

Requirements

Student Requirements

No prior reverse engineering experience is necessary.

The following will help:

  • Familiarity with a scripting language such as Python, Perl or Ruby
  • Familiarity with Windows administration
  • A basic understanding of malware analysis and the malware reverse engineering process
  • Programming in C and prior knowledge of assembly are helpful, but not required

Hardware Requirements

  • Laptop with administrative privileges
  • Minimum 30 GB HDD and 4 GB RAM
  • External USB access
  • Virtualization software

Software Requirements

  • Windows 7 or above
  • A copy of IDA Pro version 6.0 or greater
  • Administrative privileges on your laptop
  • Virtualization Software
  • Custom VM labs will be provided
  • RDP Client

Career Outcomes

Students who have completed MCSI's Malware Analysis Master Course short course can rapidly reverse engineer unprotected malware samples, recover all the IOCs, and develop network security mitigations.
