1. Training
  2. Education & Training Catalog
  3. OpenSecurityTraining.info
  4. Malware Dynamic Analysis

Malware Dynamic Analysis

This introductory malware dynamic analysis class is dedicated to people who are starting to work on malware analysis or who want to know what kinds of artifacts left by malware can be detected via various tools. The class will be a hands-on class where students can use various tools to look for how malware is: persisting, communicating, and hiding.

We will achieve the items above by first learning the individual techniques sandboxes utilize. We will show how to capture and record registry, file, network, mutex, API, installation, hooking and other activity undertaken by the malware. We will create fake network responses to deceive malware so that it shows more behavior. We will also talk about how using MITRE's Malware Attribute Enumeration & Characterization (MAEC - pronounced "Mike") standard can help normalize the data obtained manually or from sandboxes, and improve junior malware analysts' reports. The class will additionally discuss how to take malware attributes and turn them into useful detection signatures such as Snort network IDS rules, or YARA signatures.

Dynamic analysis should always be an analyst's first approach to discovering malware functionality, but this class will show the instances where dynamic analysis cannot achieve complete analysis, due to malware tricks for instance. So in this class you will learn when you will need to use static analysis, as offered in the following Introduction to Reverse Engineering and Reverse Engineering Malware classes. During the course students will complete many hands on exercises.

Provider Information

More courses from this provider:
http://OpenSecurityTraining.info(link is external)
Contact Information

OpenSecurityTraining.info
10901 Rhode Island Ave.
PO Box 281
Beltsville, MD 20704

Course Overview

Overall Proficiency Level
1 - Basic
Course Catalog Number
OST_DynamicMalware1
Course Prerequisites

N/A

Training Purpose
Skill Development
Specific Audience
All
Delivery Method
Online, Self-Paced
  • Online, Self-Paced

Learning Objectives

  • Understand how to set up a protected dynamic malware analysis environment.
  • Get hands on experience with various malware behavior monitoring tools.
  • Learn the set of malware artifacts an analyst should gather from an analysis.
  • Learn how to trick malware into exhibiting behaviors that only occur under special conditions. 
  • Create actionable detection signatures from malware indicators.

 

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov(link sends email). Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date:

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate in our survey?

If you accept you will be leaving the National Initiative for Cybersecurity Careers and Studies website and going to a third party site.
That site may have different privacy, security and accessibility policies than the National Initiative for Cybersecurity Careers and Studies site.
National Initiative for Cybersecurity Careers and Studies does not endorse any commercial products, services, programs or content on the third party website.
Thank you for visiting our site. We hope your visit was informative and enjoyable.