• Classroom
  • Online, Instructor-Led
Course Description

This course takes students into advanced and specialist topics surrounding rootkit analysis. Students will learn about the Windows kernel, automated and manual unpacking, live kernel debugging with IDA and WinDbg, and reverse engineering drivers. This is a heavily lab-intensive course that requires students to have a solid background in programming, reverse engineering, and malware analysis prior to attending.

Learning Objectives

  1. Unpack malware using both automated tools and manual processes
  2. Analyze and defeat mechanisms added by code protectors
  3. Conduct live remote kernel debugging on Windows using WinDbg and IDA
  4. Reverse engineer rootkits that are implemented as drivers

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.