This course serves as an intermediate course on malware analysis. It is the second part in a
three-course series. This course, Tier 2, focuses on intermediate analysis of a file that has
been deemed suspicious with the intent of determining what the file does and how it does it.
Learning Objectives
- Demonstrate knowledge of software reverse engineering techniques.
- Demonstrate knowledge of reverse engineering concepts.
- Demonstrate knowledge of debugging procedures and tools.
- Demonstrate knowledge of malware analysis tools (e.g., Olly Debug, IDA Pro).
- Demonstrate knowledge of binary analysis.
- Demonstrate skill in deep analysis of captured malicious code (e.g., malware forensics).
- Demonstrate skill in analyzing anomalous code as malicious or benign.
- Demonstrate skill in interpreting results of debugger to ascertain tactics, techniques, and procedures.
- Demonstrate skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Demonstrate skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.
Framework Connections
Specialty Areas
- Incident Response
- Digital Forensics
- Exploitation Analysis
- Targets
- Training, Education, and Awareness
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.