This 16-hour on-demand course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, virtual hands-on approach. The course introduces students to Disassembly, including subtopics on X86 Architecture, The Stack, C Code Constructs, and an introduction to IDA Pro. The content is developed and taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.
Learning Objectives
After completing the course, learners should be able to:
- Quickly perform malware triage using a variety of techniques and tools without running the malware
- Analyze running malware by observing file system changes, function calls, network communications and other indicators
- Learn about code compilation and how to interpret decompiled Windows code
- Analyze basic .NET and PowerShell malware and interpret WMI commands
- Use Ghidra, the open-source disassembler/decompiler
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis