Malware Analysis Crash Course

FLARE Team of Mandiant, A FireEye Company | August 4-5 & August 6-7



Overview

This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach. Students will learn how to find the functionality of a program by analyzing disassembly and by watching how it modifies a system and its resources as it runs in a debugger. Students will learn how to extract host- and network-based indicators from a malicious program. Students will be taught about dynamic analysis and the Windows APIs most often used by malware authors. Each section is filled with in-class demonstrations and hands-on labs with real malware where the students practice what they have learned.

What You Will Learn:

Hands-on malware dissection
How to create a safe malware analysis environment
How to quickly extract network- and host-based indicators
How to perform dynamic analysis using system monitoring utilities to capture the file system, registry, and network activity generated by malware
How to debug malware and modify control flow and logic of software
How to analyze assembly code after a crash course in the Intel x86 assembly language
Windows internals and APIs
How to use key analysis tools like IDA Pro and OllyDbg
What to look for when analyzing a piece of malware
The art of malware analysis - not just running tools

Who Should Take This Course

This course is intended for software developers, information security professionals, incident responders, computer security researchers, puzzle lovers, corporate investigators, or others requiring an understanding of how malware works and the steps and processes involved in performing malware analysis.

Student Requirements

Students must have excellent knowledge of computer and operating system fundamentals; computer programming fundamentals and Windows Internals experience are highly recommended.

What Students Should Bring

Students must bring their own laptop computer with VMware Workstation 10+ or VMware Fusion 7+ installed. Laptops should have at least 30 GB of free space.

What Students Will Be Provided With

A student manual
Class handouts
Mandiant gear

Trainers

Instructors will be determined and bios will be provided as we near the event; however, they will be from the pool of seasoned instructors we use year after year.