(301) 220 2802
Take your malware skills to the next level with our hands-on, instructor-led, Advanced Malware Analysis training class. This advanced training will give you an in-depth understanding of the techniques and knowledge needed to identify, analyze and mitigate advanced levels of malicious code.
TrainACE’s Advanced Malware training is a five-day class taught by an expert in the field using hands-on demonstrations and labs.
During the class, you will learn how to reverse engineer software that has been designed to combat standard reverse engineering techniques. You’ll gain experience recognizing and assessing advanced packers, encrypted software, and polymorphic malware. You’ll also learn how to break through code that has been protected with cryptors. Anti-debugging and anti-reverse engineering.
For more information about your specific needs, call us at (301) 220 2802 or complete the form below:
Learn More About Advanced Malware Analysis
Why Take Fundamentals of Advanced Malware Analysis Training in Maryland?
As cybersecurity becomes more sophisticated and more IT professionals are trained to mitigate risk, cybercriminals inevitably make their malware harder to detect and harder to reverse engineer. Anyone working in a defensive cybersecurity role needs to keep updated on the latest malware analysis knowledge and skills. Our Advanced Malware Analysis training will bring you up to speed on some of the more sophisticated techniques and knowledge.
The prominence of Washington DC as the center of the federal government, and the home of many prominent military and corporate headquarters, makes it a significant hub for cybersecurity firms and cyber-criminals alike. The result is that there is a wide range of lucrative opportunities for people with malware skills to help reduce business risk for some of the most essential organizations in the country. The same is true in neighboring Virginia and Maryland.
During our Advance Malware Analysis course, you will learn how to reverse engineer malware designed to shield engineers from reverse engineering techniques. Our expert instructors will guide you through identifying advanced malware such as encrypted malware, polymorphic malware, advanced packers, and malicious software armed with cryptors, anti-reverse engineering, and anti-debugging functionality.
Signup today for our convenient 5-day Advanced Malware Analysis boot camp!
What you need to know before taking the Advanced Malware Analysis training
The Advanced Malware Analysis class does not have specific prerequisites. Still, being an advanced class, you will understand the concepts and techniques more quickly if you have IT experience and fundamental malware analysis skills.
If you are new to this field, we’d recommend you take one of the following classes before taking this one:
Fundamentals of Malware Analysis - An introductory malware analysis class, introducing the basic concepts of recognizing, analyzing, and responding to malware.
Reverse Engineering Malware - An intermediate malware analysis class building on your fundamental analysis skills
Exam and Certification Requirements:
Our malware classes enhance your cybersecurity skills through hands-on training and live instruction. They are not tied to a specific professional certification. At the end of the class, you will receive a certificate of completion.
While these classes are not targeted to a specific accreditation, the skills and knowledge you will gain will help you prepare for parts of several professional cybersecurity credentials.
Who needs Advanced Malware Analysis skills in the Washington DC Region?
This malware class is suitable for mid-level malware analysts and reverse engineers. The skills and knowledge learned would also be ideal for programmers looking to understand how to protect their tools & intellectual property better.
- Mid-level Malware Analyst
- Mid-level Reverse Engineer
- Cybersecurity Analyst
- IT Compliance Analyst
- Junior Malware Analyst
- Incident Response Analyst
What will I learn in this Advanced Malware Analysis class?
Skills and Concepts:
Malware frequently utilizes network connectivity to infect, persist, receive command and control instructions, and exfiltrate data. Given the importance of understanding computer networking in malware analysis, we’ll start by exploring a range of network signatures commonly used by malicious software. We’ll teach you how to identify suspicious network activity, understand it, and identify and stop it by having you reverse engineer malicious command and control structure parsing routines.
What you will learn:
- Indications of malware activity
- Network countermeasures
- Snort & complex signatures
- Hiding in the noise by mimicking existing protocols
- Client initiated beacons
- Networking code & encoding data
- Networking from an attacker’s perspective
We’ll focus on anti-disassembly techniques used by malicious programmers to block analysis. We’ll teach you various ways to do this, including jump instructions with a constant condition and jump instructions with the same target. We’ll expand your knowledge by moving on to more advanced techniques, including misusing structured exception handlers and return pointer abuse. You’ll re-enforce these techniques with three hands-on labs testing each of the skills.
What you will learn:
- Defeating disassembly algorithms
- Same target jumps & constant condition jumps
- Rogue opcodes
- Multi-level inward jumping sequences
- Patching binaries to defeat return pointer abuse
- SEH abuse
- Reversing armored code designed to thwart stack frame analysis
Malware programmers use anti-debugging to assess when a debugger is controlling the malware. Anti-debugging is also used to combat debugging efforts. During Day 3, we’ll teach you how to use the Windows API to detect debugger use and how malware manually checks structs. Your instructor will demonstrate how to check the ProcessHeap and NTGlobal flags and how some malicious software checks for debugging tool residue in the registry. We’ll end the day by walking you through TLS callbacks and exceptions to disrupt debugger use.
What you will learn:
- Using Windows API functions to detect debuggers
- PEB checks, ProcessHeap flag & NTGlobal flag
- TLS Callbacks
- Exceptions and Interrupts
- PE Header vulnerabilities
- OutputDebugString vulnerability
Like many aspects of computing, specific techniques go out of fashion but never entirely disappear. So, on day four, we’ll explore anti-virtual machine techniques, which, while declining, still persist. During Day 4, your instructor will walk you through identifying a range of techniques used by malware authors. They’ll teach you how malware can be unpacked using original entry point (OEP), tail jumps, and rebuilding Import Address Tables (IAT).
What you will learn:
- Anti-VM techniques & memory artifacts
- Unpacking stub, tail jump, OEP & import resolution
- Techniques of Red pill & no-pill
- Manual IAT rebuilds
- Dealing with common packers – Tips & Tricks
On Day 5, we’ll round out our Advanced Malware Analysis training, learning how to find and reverse C++ code and conduct shellcode analysis. You’ll learn about polymorphism and virtual functions, which will prepare you for identifying and reversing vtables using cross-references. Your instructor will walk you through position-independent shellcode and the process of identifying execution location. The malware class will look at 64-bit malware, and the challenges analysts face when reversing this type of code.
- Analyzing C++
- Overloading functions, mangling, and vtables
- Shellcode analysis, position independent-code & call/pop
- Shellcode use of LoadLibraryA & GetProcAddress for dynamic function location
- Identifying inheritance between classes and its challenges
- 64-bit malware, general-purpose & special-purpose registers
- X64 calling convention & exception handling