Learn to turn malware inside out! This popular reversing course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.
Understanding the capabilities of malware is critical to your ability to derive threat intelligence, respond to cybersecurity incidents, and fortify enterprise defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.
The course begins by establishing the foundation for analyzing malware in a way that dramatically expands upon the findings of automated analysis tools. You will learn how to set up a flexible laboratory to examine the inner workings of malicious software, and how to use the lab to uncover characteristics of real-world malware samples. You will also learn how to redirect and intercept network traffic in the lab to explore the specimen's capabilities by interacting with the malicious program.
The course continues by discussing essential assembly language concepts relevant to reverse engineering. You will learn to examine malicious code with the help of a disassembler and a debugger in order to understand its key components and execution flow. In addition, you will learn to identify common malware characteristics by looking at suspicious Windows API patterns employed by malicious programs.
Malware is often obfuscated to hinder analysis efforts, so the course will equip you with the skills to unpack executable files. You will learn how to dump such programs from memory with the help of a debugger and additional specialized tools, and how to rebuild the files' structure to bypass the packer's protection. You will also learn how to examine malware that exhibits rootkit functionality to conceal its presence on the system, employing code analysis and memory forensics approaches to examining these characteristics.
FOR610 malware analysis training also teaches how to handle malicious software that attempts to safeguard itself from analysis. You will learn how to recognize and bypass common self-defensive measures, including code injection, sandbox evasion, flow misdirection, and other measures.
The course culminates with a series of Capture-the-Flag challenges designed to reinforce the techniques learned in class and provide additional opportunities to learn practical, hands-on malware analysis skills in a fun setting.
Hands-on workshop exercises are a critical aspect of this course. They enable you to apply malware analysis techniques by examining malicious software in a controlled and systemic manner. When performing the exercises, you will study the supplied specimens' behavioral patterns and examine key portions of their code. To support these activities, you will receive pre-built Windows and Linux virtual machines that include tools for examining and interacting with malware.
In summary, FOR610 malware analysis training will teach you how to:
- Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs
- Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment
- Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis
- Use a disassembler and a debugger to examine the inner workings of malicious Windows executables
- Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst
- Recognize and understand common assembly-level patterns in malicious code, such as code L injection, API hooking, and anti-analysis measures
- Assess the threat associated with malicious documents, such as PDF and Microsoft Office files
- Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts.
Why Choose Our Course
The malware analysis process taught in FOR610 helps incident responders and other security professionals assess the severity and repercussions of a situation that involves malicious software so that they can plan recovery steps. Forensics investigators also learn about the key characteristics of malware discovered during the examination, including how to establish Indicators of Compromise and obtain other threat intelligence details for analyzing, scoping, and containing the incident.
What threat does the malicious or suspicious program pose? What do its mechanics reveal about the adversary's goals and capabilities? How effective are the company's security controls against such infections? What security measures can strengthen the organization's infrastructure from future attacks of this nature? This course teaches the skills necessary to answer these and other questions critical to an organization's ability to handle malware threats and related incidents.
What You Will Receive
When attending FOR610, you will receive an electronic toolkit packed with helpful malware analysis tools. You will use them to perform exercises in class, and you can also use them later to interrogate suspicious files when you return to your job. The tools have been preinstalled and configured for your convenience into two virtual machines that you will receive in the course toolkit:
- A Windows REM Workstation virtual machine with preinstalled analysis tools, along with the corresponding Microsoft Windows license.
- A REMnux virtual machine set up to run the lightweight Linux distribution used by many malware analysts world-wide.
The toolkit also includes many real-world malware samples that you will examine during the course when performing hands-on lab exercises, as well as MP3 audio files of the complete course lectures.
You will also receive electronic training materials with detailed explanations and illustrations of the concepts, tools, and techniques covered in the course. The materials include an electroninc workbook that provides detailed, step-by-step instructions for all the hands-on lab exercises performed in the course to facilitate the learning experience.