Advanced Malware Analysis & Reverse Engineering

Delivery: classroom // Duration: 5 days

This course gives participants an in-depth practical understanding of, and methodology for, current malware analysis and reverse engineering. It is one of the rare opportunities to take part in hands-on training held by Kaspersky's acknowledged expert analysts, who perform such analysis on a day-to-day basis and unearth some of the most advanced cyber threats around today.


Learning Objectives

  • Participants will study anti-analysis techniques favored by cybercriminals. After this in-depth course, technical employees will be able to unpack, deobfuscate and remove anti-debugging techniques, and even to dissect rootkits and bootkits

  • This advanced training leads to students following best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging)

  • Supported by Kaspersky Lab’s working experts, students will apply advanced malware analysis for Rootkits/Bootkits dissection

  • Participants will analyze exploit shellcode in real life samples, embedded in the different file types and non-Windows malware that are currently gaining popularity


Course Content

  • Malware Analysis & Reverse Engineering goals and techniques

  • Advanced static analysis techniques (Analyzing shellcode statically, parsing PE header, TEB, PEB, loading functions by different hash algorithms)

  • Advanced dynamic analysis techniques (PE structure, manual and advanced unpacking, unpacking malicious packers that store the full executable in an encrypted form)

  • APT reverse engineering (cover an APT attack scenario, starting from phishing email and going as in-depth as possible)

  • Protocol analysis (analyze encrypted C2 communication protocol, how to decrypt traffic)

  • Rootkits and Bootkits analysis (debugging the boot sector using IDA and VMware, kernel debugging using 2 virtual machines, analyzing Rootkit samples)

  • Be able to follow best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging)

  • Be able to apply advanced malware analysis for Rootkits/Bootkits dissection

  • Be able to analyze exploit shellcode embedded in the different file types and non-Windows malware

Throughout the course there is a multitude of practical, hands-on exercises.


Target Audience

This course is suitable for IT-related professionals whose work routinely involves malware analysis. We strongly suggest participating in the “Malware Analysis & Reverse Engineering” course first.


Pre-requisite for Course Registration

  • Participants should attend the “Malware Analysis & Reverse Engineering” course first

  • Thorough knowledge of Assembly code, machine code and higher level programming

  • Very good practical knowledge of the tools used in the “Malware Analysis & Reverse Engineering” course

  • Participants have to bring their own laptop with a current VMware Workstation Pro and admin rights, plus a current full version of IDA Pro


Upcoming Session

Dates Location Language Registration fee (plus VAT)


How to get to the ISH Campus?

Address: Südallee 1, 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Follow the signs for “Frachtgebäude” and leave the motorway. Follow the road to the right and cross the S-Bahn line on the bridge. At the next opportunity, turn right and follow the road through a long right-hand bend. Continue along the road until you can turn left. Turn left. On your right you will reach the “Luftpostleitstelle”.

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and ride to “Besucherpark”. Exit the S-Bahn station towards the Flight-Operations-Center (FOC / Lufthansa) and, at the bottom of the stairs, follow the road on your left to the end of the “Frachtgebäude”. Continue straight ahead and follow the road to the right. At the end of this street you reach the “Luftpostleitstelle”.

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

Where can I check my ticket order?

You can always check or make changes to your ticket order by using the link in the email you received after you completed your booking. If you don’t have this link anymore, you can request a new mail through our ticketshop.

What hotels are in the area?

While there is a wide range of hotels around the airport, we have personally stayed at both the Hilton and Hotel Novotel, and find them to be very nice and accommodating.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München
Phone: +49 (0)89 9705130

I have further questions and would like to speak to someone in person, who do I call?

Yes, you can email us at or call us at +49 89 975 32275. We are fluent in English or German.