Designed for experienced malware analysts, this course focuses on advanced topics in analyzing a wider variety of complex malware and defeating the self-protection mechanisms malware uses to resist analysis. It covers how to counter anti-disassembly, anti-debugging and anti-virtual machine techniques. It also discusses how to defeat packed and armored executables, how to analyze encryption and encoding algorithms, and how to defeat various obfuscation techniques. Additional topics include malware stealth techniques (process injection and rootkit technology) and the analysis of samples written in alternate programming languages (C++) and popular software frameworks (.NET).
Learning Objectives
After completing this course, learners should be able to:
- Understand how malware hides its execution, including process injection, process replacement and user-space rootkits
- Grasp how shellcode works, including position independence, symbol resolution and decoders
- Comprehend the inner workings and limitations of disassemblers such as IDA Pro, as well as how to circumvent the anti-disassembly mechanisms that malware authors use to thwart analysis
- Automate IDA Pro using Python and IDC to analyze malware more efficiently
- Understand how to combat anti-debugging, including bypassing timing checks, Windows debugger detection and debugger vulnerabilities
- Fool malware's anti-virtual machine checks so it cannot detect that it is running in your analysis environment
- Understand how malware analysis is influenced by C++ concepts such as inheritance, polymorphism and objects
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.