This course provides a rapid introduction to the file formats, tools, and methodologies used to perform malware analysis on malicious documents using a practical hands-on approach. Students will learn to pinpoint and analyze the most suspicious document components and how to extract host and network based indicators from them. This course includes demonstrations and hands-on labs that contain real malware.
Learning Objectives
After completing this course, learners should be able to: • Dissect and analyze malicious document formats • Extract network and host-based indicators • Extract noteworthy components that require further isolated analysis • Detect suspicious patterns and common exploitation techniques • Utilize modern analysis tools including Offvis and 010 editor • Create and automate custom tools for your specific organization
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis