• Online, Instructor-Led
Course Description

This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course introduces students to decompilation with Ghidra and introduces Windows Technologies that are prevalent in malware such as WMI, .NET, and PowerShell. The content is taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Learning Objectives

After completing the course, learners should be able to: • Quickly perform malware triage using a variety of techniques and tools without running the malware • Analyze running malware by observing file system changes, function calls, network communications and other indicators • Learn about code compilation and how to interpret decompiled Windows code • Analyze basic .NET and PowerShell malware and interpret WMI commands • Use Ghidra, the open-source disassembler/decompiler

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.