Focal Point - Behavioral Malware Analysis
Focal Point - Behavioral Malware Analysis Course Details:
Focal Point - Behavioral Malware Analysis teaches you the fundamental skills necessary to analyze malicious software from a behavioral perspective. From simple keyloggers to massive botnets, this class covers a wide variety of current threats. Using system monitoring tools and analytic software, you will analyze real-world malware samples in a training environment, giving you hands-on experience building secure lab environments, classifying malware, analyzing behavioral characteristics and their effects on systems, and documenting your findings. You will leave the course with the skills and abilities required to be an effective malware analyst.
Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will derive the answers to questions regarding one final real-world malware specimen. Each student will have to reverse engineer the malware to discover its capabilities, its persistence mechanism(s), and the threat level it poses.
Call (919) 283-1674 to get a class scheduled online or in your area!
*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.
In this class you will learn to:
- Set up a secure lab environment in which to analyze malicious software
- Build and maintain a toolset of freely available, trusted tools
- Classify different types of malware and describe their capabilities
- Analyze malware samples of varying types to ascertain their specific behavioral characteristics and their impact on a system
- Determine if a given sample is persistent and, if so, identify and remediate the persistence mechanism(s)
- Identify when a sample is aware of its virtual environment and will require more advanced static or dynamic analysis
- Document analytic findings using a comprehensive reporting template
Course Outline:
- Reverse Engineering
- Malware Overview
- Windows Internals Regarding Malware Analysis
- Building an Analysis Environment
- Behavioral Analysis Process (BA)
- Understanding and Using the BA Process
- Knowing Your Goals
- BA Tools of The Trade
- Baselining
- Document Embedded Malware
- Macro Viruses
- Botnets
- Keyloggers
- Malicious Mobile Code
- Backdoors
- Trojan Horses
- User Mode Rootkits
- VMware Detection
- Destructive Malware
- CHM Malware
- Kernel Mode Rootkits
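The baselining step of the BA process in the outline above and the persistence objective in the learning list come down to the same routine: snapshot the common autostart locations on a clean VM, detonate the sample, re-snapshot, and diff. The following is an added example, not course material. The two snapshots are constructed dicts standing in for output you would collect with tools such as Autoruns, reg.exe, sc.exe and schtasks.exe; the paths, entry names and the user-writable-path heuristic are assumptions for illustration.

```python
"""Baseline / re-snapshot diff of Windows autostart locations.

Added example: compare a pre-detonation baseline of common persistence
locations with a post-detonation snapshot, flag the changes, and build
the commands that undo them. Snapshots here are constructed dicts.
"""
from dataclasses import dataclass
from typing import Dict, List

Snapshot = Dict[str, Dict[str, str]]  # location -> {entry name: command line}

# Snapshot keys: two Run keys plus synthetic labels for services and tasks.
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SERVICES = "services"
TASKS = "scheduled_tasks"

# Constructed baseline from a clean VM snapshot (hypothetical values).
BASELINE: Snapshot = {
    RUN_HKLM: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    RUN_HKCU: {"OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    SERVICES: {"wuauserv": r"C:\Windows\system32\svchost.exe -k netsvcs -p"},
    TASKS: {r"\Microsoft\Windows\Defrag\ScheduledDefrag": r"%windir%\system32\defrag.exe -c -h -o -$"},
}

# Constructed post-detonation snapshot: one new Run value, one new task,
# and a service whose binary path was changed.
AFTER: Snapshot = {
    RUN_HKLM: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    RUN_HKCU: {
        "OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "WindowsUpdate": r"C:\Users\lab\AppData\Roaming\update\svchost.exe",
    },
    SERVICES: {"wuauserv": r"C:\ProgramData\svchost.exe -k netsvcs -p"},
    TASKS: {
        r"\Microsoft\Windows\Defrag\ScheduledDefrag": r"%windir%\system32\defrag.exe -c -h -o -$",
        r"\SysUpdate": r"C:\Users\lab\AppData\Roaming\update\svchost.exe",
    },
}

# Heuristic (assumption): an autostart pointing into a user-writable
# directory deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    location: str
    name: str
    change: str  # "added", "modified" or "removed"
    before: str
    after: str

    @property
    def suspicious(self) -> bool:
        """True when the new command line lives in a user-writable path."""
        return any(p in self.after.lower() for p in USER_WRITABLE)


def diff_snapshots(before: Snapshot, after: Snapshot) -> List[Finding]:
    """Return every added, removed or modified autostart entry, in stable order."""
    findings: List[Finding] = []
    for loc in sorted(set(before) | set(after)):
        b, a = before.get(loc, {}), after.get(loc, {})
        for name in sorted(set(b) | set(a)):
            if name not in b:
                findings.append(Finding(loc, name, "added", "", a[name]))
            elif name not in a:
                findings.append(Finding(loc, name, "removed", b[name], ""))
            elif b[name] != a[name]:
                findings.append(Finding(loc, name, "modified", b[name], a[name]))
    return findings


def remediation_plan(findings: List[Finding]) -> List[str]:
    """Map each added/modified entry to the reg.exe / sc.exe / schtasks.exe
    command that removes it or restores the baseline value."""
    cmds: List[str] = []
    for f in findings:
        if f.change == "removed":
            continue  # nothing to undo; note it in the report instead
        if f.location in (RUN_HKLM, RUN_HKCU):
            cmds.append(f'reg delete "{f.location}" /v "{f.name}" /f')
        elif f.location == SERVICES:
            if f.change == "added":
                cmds.append(f'sc delete "{f.name}"')
            else:
                cmds.append(f'sc config "{f.name}" binPath= "{f.before}"')
        elif f.location == TASKS:
            cmds.append(f'schtasks /Delete /TN "{f.name}" /F')
    return cmds


def report(findings: List[Finding]) -> str:
    """One line per finding, suspicious ones marked with '!'."""
    lines = [f"{'!' if f.suspicious else ' '} {f.change:<8} {f.location} :: {f.name} -> {f.after or f.before}"
             for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    found = diff_snapshots(BASELINE, AFTER)
    print(report(found))
    print("\n".join(remediation_plan(found)))
```

Deleting the Run value, task or service definition removes the autostart hook only; the dropped binary (here the fake svchost.exe under AppData) and any second mechanism the sample installed still have to be found and handled, which is why the diff covers several locations rather than one.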
Labs:
- BA Process Lab 1
- BA Process Lab 2
- BA Process Lab 3
- Day 1 Scenario
- Document-Embedded Malware 1
- Document-Embedded Malware 2
- Spyware Sample
- Ransomware Sample
- IRC Bot Sample
Prerequisites:
- Thorough understanding of Microsoft Windows
- Experience with VMware software is beneficial, although not required
- Knowledge of networking protocols and Wireshark filtering is recommended but not required
Who Should Attend:
- Threat operation analysts seeking a better understanding of malware
- Incident responders who need to quickly address a system security breach
- Forensic investigators who need to identify malicious software
- Individuals who have experimented with malware analysis and want to expand their malware analysis techniques and methodologies