Intro to Malware Analysis
In this class students will learn the fundamentals of malware analysis through static and behavioral analysis of real and exemplar malware. This hands-on course walks students through setting up a properly sandboxed environment equipped for malware analysis. Students are introduced to the compilation process that turns human-readable source code into compiled machine code, and to the numerous tools used in malware analysis, which they apply to a wide variety of malware samples. These samples range from specifically crafted malware that exhibits representative malicious behaviors up through real-world malware used by Advanced Persistent Threats (APTs).
This course includes many hands-on labs for repeated practical demonstration of the skills learned. Students receive lectures that establish the core concepts, followed by hands-on labs to practice what was taught. The course concludes with a capstone lab that combines all the skills and tools learned throughout the class: students demonstrate an understanding of basic malware analysis by conducting the analysis, identifying binary obfuscation, and reporting key findings of interest.
Prerequisites
- Working knowledge of penetration testing methodology and tools is required
- Basic technical writing skills
- General knowledge of the Windows operating system, including a basic understanding of Windows processes, the registry, and the filesystem
- Familiarity with VMware, setting up VMs, and using VMs
- Exposure to the C programming language is recommended
On completion of this course, students will be able to:
- Set up a sandboxed environment for static and behavioral analysis of Windows portable executables
- Compile basic C code from source to executable
- Statically analyze suspected malicious Windows binaries (PE)
- Identify behaviors typically exhibited by malicious Windows binaries (PE)
- Identify common packing and obfuscation techniques used by malware authors to disguise a binary's purpose
- Use basic unpackers to return binaries to their original de-obfuscated state
- Report key findings from their malware analysis efforts
Day 1
- What is malware?
- Primary types of malware (past and current)
- APT malware
- Setting up a safe environment for analysis
- Labs
  - Setting up a safe environment
  - Tool familiarity
  - Report familiarity
Day 2
- What is a Portable Executable?
- Compilation process
- Static Analysis
- Behavioral Analysis
- Labs
  - Static Analysis
  - Behavioral Analysis
  - Hybrid Analysis
Day 3
- Obfuscated and packed code
- Detecting packed or obfuscated binaries
- Detecting embedded binaries
- Labs
  - Unpacking code
  - Analyzing unpacked binaries
  - Embedded Binaries
Day 4
- Written Test
- APT malware
- Labs
  - APT1 case study
Day 5
- Practical Test (hands on Lab)
- Review of Practical
- Is there a discount available for current students? UMBC students and alumni, as well as students who have previously taken a public training course with UMBC Training Centers, are eligible for a 10% discount, capped at $250. Please provide a copy of your UMBC student ID, an unofficial transcript, or the name of the UMBC Training Centers course you have completed. Asynchronous courses are excluded from this offer.
- What is the cancellation and refund policy? Students will receive a refund of paid registration fees only if UMBC Training Centers receives a notice of cancellation at least 10 business days prior to the class start date for classes or the exam date for exams.
- What is Live Online training? Classes marked Live Online have the same content and expert instructors as our classroom training, but are delivered entirely online through our virtual classroom environment. Each class session is live and led by an instructor.