Reverse Engineering Malware Training

Learn how to perform static malware analysis with this Reverse Engineering Malware Training

This Reverse Engineering Malware Training course introduces the concept of malware, how they function, their types and how they are extensively used in Advanced Persistent attacks (APT’s) to siphon off the critical business information from an organization on regular basis. We start off with the concepts of Assembly language, PE Header, disassembling v/s debugging with advanced debugging features. We also perform RE to analyze an application dissecting it to the level where malware code is present.

We provide practice malware lab setup consisting of virtual machines and sandbox environment. We use debuggers such as IDA and Ollydbg, disassemblers and various monitoring tools to perform analysis to track the movement of the malware across the virtual network. We will also delve deep into advanced techniques such as analyzing shellcodes, powershell malwares, malicious documents and anti-virus evasion and so on. Further we take a peek at different anti-reversing, anti emulation and anti debugging techniques used by advanced malwares

Reverse Engineering Malware TrainingDuration: 3 days

  • We can adapt this Reverse Engineering Malware Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Reverse Engineering Malware Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Reverse Engineering Malware Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Reverse Engineering Malware course in manner understandable to lay audiences.

The target audience for this Reverse Engineering Malware course:

  • Malware analysts
  • Security researchers
  • Professionals looking to gain a technical understanding of malware
  • Anyone looking to improve their malware analysis and reverse engineering skills

The knowledge and skills that a learner must have before attending this Reverse Engineering Malware course are:

  • Firm understanding of the Windows Operating System
  • Firm understanding of computer architecture concepts
  • Grasp of the TCP/IP protocols

If you are unsure if you meet the required prerequisites, contact us for a quick network security training skill check.

Reverse Engineering Malware Training - OBJECTIVES

Upon completing this Reverse Engineering Malware course, learners will be able to meet these objectives:

  • How satellite communications relates to other forms of wireless systems that are used to provide one-way broadcasting and two-way interactive services, especially those delivered through the global Internet
Reverse Engineering Malware Training - COURSE SYLLABUS

Day 1: Introduction to malware analysis and reverse engineering

Day one focuses on the fundamental knowledge required for malware analysis and reverse engineering. This day is designed to build critical skills required to proceed further into deeper discussions on reversing. You will also train on special purpose reversing debuggers and disassemblers. Lab exercises will focus on functionality of various reversing tools and basic static and dynamic analysis process.

  • Basic static and dynamic analysis
  • Reverse engineering concepts and legality
  • Machine code
  • Assembly language
  • System- and code-level reversing
  • Assembly basics (registers, operands, instructions)
  • Fundamentals of reverse engineering tools (IDA Pro, Radare2)

Day 2: Static and dynamic analysis

Day two encompasses a deep discussion with hands-on content for reversing Windows binaries. Key concepts include identifying code paths, control functions and developing a general understanding of the code to be analyzed. Debugging concepts are introduced and practiced in hands-on lab exercises.

  • Recognizing C Code constructs in assembly
  • Windows API
  • Windows Registry
  • Network APIs
  • DLLs
  • Processes, threads and services
  • Debugging process (stepping, breakpoints, modifying execution)
  • Kernel debugging
  • Debugging tools

Day 3: Analyzing malware functionality and behavior

Day three includes detailed coverage on reverse engineering malware. Focus is on live malware reversing using examples of viruses, Trojans and rootkits collected from the wild.

  • Understanding common malware types and functionality
  • Process injection and replacement
  • DLL injection
  • Direct, hook and APC injection and other malware launching technique
  • Registry persistence
  • Svchost.exe
  • Trojanized system binaries
  • DLL load order hijacking
  • Malware network behavior analysis
  • Kernel mode rootkits (SSDT hooking, interrupts)
  • User mode rootkits

Day 4: Anti-reversing techniques

Day four works with various anti-reversing techniques that software developers and malware writers put in place to make reverse engineering more difficult.

  • Basic anti-reversing strategies
  • Anti-disassembly
  • Detecting debuggers
  • Detecting VM presence
  • Analyzing packed executables
  • Popular packers (UPX, PECompact, ASPack, etc.)
  • Simple obfuscation techniques (XOR swap, junk code, etc.)
  • Obscuring through data flow and control flow
  • Constant unfolding
  • Deobfuscation tools
  • Base64 and other encoding schemes
  • Common ciphers and encoding schemes
  • Reversing ransomware

Day 5: Advanced reversing topics
Day five covers advanced reversing topics.

  • Recognizing C++ binaries
  • Identifying constructors and destructors
  • RTTI
  • 64-bit architecture
  • WoW64
  • 64-bit analysis
Reverse Engineering Malware Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: