The training is focused on two different analysis methods: static and dynamic malware analysis.
STATIC MALWARE ANALYSIS
In this module, a malicious program's files are analyzed without actually running the malware. This analysis method provides details such as file name, type, size, strings, variables, header details, hashes, embedded functions, packer signatures and the programmer's style. Checksums or hashes can also be used to find out the history of the malware and whether someone has already analyzed it. This process is safer than dynamic malware analysis because there is minimal chance of infecting the system; however, it is difficult to understand the complete features of the malware this way.
Other malware analysis courses cover only static malware analysis; our course covers advanced static malware analysis as well. Our malware analysis course is a comprehensive training program that covers in-depth code reverse engineering. In the course, we teach you how to open a binary and reverse engineer the malware code using a disassembler, as well as manual code reversing using a disassembler, debugger and decompiler.
The basics of assembly language are also part of the course. Our experts will teach you how to read assembly code and how to understand what the malware is supposed to do. After taking the malware analysis course you will be able to decode encrypted data that is stored or transferred and determine the logic behind the malware. You will also learn how to understand a file's headers, functions, strings, etc.
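As an illustration of the details listed above, here is a short static triage sketch in Python. It is an added example, not course material: the function names, the 7.0 entropy threshold and the sample buffer (built inline, inert, with a placeholder URL) are assumptions made for the demonstration.

```python
import hashlib, math, re, struct

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs, like the `strings` utility."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data: bytes) -> dict:
    """Hash, string and PE-header facts gathered without executing the file."""
    rep = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
           "strings": strings(data), "type": "unknown", "sections": []}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return rep
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of the PE header
    if data[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(data):
        return rep
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    rep.update(type="PE", machine=hex(machine))
    table = pe + 24 + opt_size  # section table follows the optional header
    for off in range(table, table + 40 * nsec, 40):
        if off + 40 > len(data):
            break  # truncated section table
        name, _, _, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        h = round(entropy(data[rptr:rptr + rsize]), 2)
        # Assumed heuristic: entropy above 7.0 suggests packed or encrypted data.
        rep["sections"].append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                                "entropy": h, "suspect_packed": h > 7.0})
    return rep

def build_sample() -> bytes:
    """Constructed, inert PE-shaped buffer: headers plus two data-only sections."""
    text = b"http://c2.example.invalid/gate\0".ljust(64, b"\x90")
    blob = bytes((i * 167 + 13) % 256 for i in range(256))  # stands in for packed data
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr += struct.pack("<8sIIII16x", b".text", 64, 0x1000, 64, 168)
    hdr += struct.pack("<8sIIII16x", b"UPX1", 256, 0x2000, 256, 232)
    return hdr + text + blob

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, "=", value)
```

The hash supports the lookup of prior analyses, the strings and section names give quick indicators, and a high-entropy section is a common hint that a packer was used.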
During the course we also focus on all the evasion techniques used by hackers to misdirect disassemblers and make it impossible for malware reverse engineers to understand the code. You will learn to recognize and understand anti-analysis measures used in the malicious software.
The malware analysis course will help you understand which indicators to look for when deciding whether a more detailed analysis of a malware sample is required, and will give you a complete understanding of incident triage.
DYNAMIC MALWARE ANALYSIS
Also known as malware behavior analysis, this method requires executing the malicious program. The training covers how to set up a dynamic malware analysis environment using an isolated laboratory sandbox. The course focuses on topics such as detection signature identification, environment modifications made by the malware, and analysis of the communication between the malware and its Command & Control (C&C) server.
Another key topic in this module is debugging, which will help you understand every single step performed by the hacker. Our comprehensive dynamic malware analysis module makes sure that you comprehend the concepts of the file system, registry, processes, network and system calls so that you can easily examine the changes made by malware.
An important part of the dynamic malware reverse engineering process is deciphering the various anti-analysis and evasion techniques used by programmers, such as detecting a virtual environment, a debugger or a malware analysis tool.
MEMORY FORENSICS MODULE
The next step in the malware analysis course is memory forensics, which will help you understand how the malware behaves in the targeted system's memory. Memory forensics involves taking a memory image to acquire information about running programs, the operating system, and the overall state of the device. In this module you will be able to interact with the malware, rather than passively observing it. The memory forensics module also focuses on the in-depth process of memory acquisition and memory analysis. This part of the training makes it one of the best malware analysis courses in India, Mexico, the US and other countries.
WAR ROOM: MALWARE REVERSE ENGINEERING
During our war room module you will be given hands-on challenges involving real-world malware. You will be challenged by different anti-analysis and evasion techniques used to evade firewalls, antivirus detection and malware analysis. You will also have to analyze the communication between malware and its C&C. Thus, during the malware reverse engineering course you will get to work as a malware reverse engineer and become a member of an incident response team.