This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course explains how to find the functionality of a program by analyzing disassembly and seeing how it modifies a system and its resources as it runs in a debugger.
Learning Objectives
After completing this course, learners should be able to:
- Quickly perform a malware autopsy
- Understand basic yet effective methods for analyzing running malware in a safe environment, such as virtual machines
- Understand the basics of the x86 assembly language
- Use IDA Pro, the main tool for disassembly analysis
- Understand a wide range of Windows-specific concepts that are relevant to analyzing Windows malware
- Monitor and change malware behavior, as it runs, at a low level
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis