Advanced Malware Analysis & Reverse Engineering

Delivery: classroom // Duration: 5 days

This course gives participants an in-depth practical understanding of, and methodology for, current malware analysis and reverse engineering. The course is one of the rare opportunities to participate in hands-on training held by Kaspersky's acknowledged expert analysts, who perform such analysis on a day-to-day basis, unearthing some of the most advanced cyber threats around today.

 

Learning Objectives

  • Participants will study anti-analysis techniques favored by cybercriminals. After this in-depth course, technical employees will be able to unpack, deobfuscate and remove anti-debugging techniques, and even to dissect root- and boot-kits

  • This advanced training leads to students following best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging)

  • Supported by Kaspersky Lab’s working experts, students will apply advanced malware analysis for Rootkits/Bootkits dissection

  • Participants will analyze exploit shellcode in real-life samples, embedded in different file types and non-Windows malware that are currently gaining popularity

 

Course Content

  • Malware Analysis & Reverse Engineering goals and techniques

  • Advanced static analysis techniques (Analyzing shellcode statically, parsing PE header, TEB, PEB, loading functions by different hash algorithms)

  • Advanced dynamic analysis techniques (PE structure, manual and advanced unpacking, unpacking malicious packers that store the full executable in an encrypted form)

  • APT reverse engineering (cover an APT attack scenario, starting from phishing email and going as in-depth as possible)

  • Protocol analysis (analyze encrypted C2 communication protocol, how to decrypt traffic)

  • Rootkits and Bootkits analysis (debugging the boot sector using IDA and VMware, kernel debugging using 2 virtual machines, analyzing Rootkit samples)

  • Be able to follow best practices in reverse engineering while recognizing anti-reverse engineering tricks (obfuscation, anti-debugging)

  • Be able to apply advanced malware analysis for Rootkits/Bootkits dissection

  • Be able to analyze exploit shellcode embedded in the different file types and non-Windows malware

Throughout the course there are a multitude of practical, hands-on exercises.

 

Target Audience

This course is suitable for IT-related professionals whose work routinely involves malware analysis. We strongly suggest participating in the “Malware Analysis & Reverse Engineering” course first.

 

Pre-requisite for Course Registration

  • Participants should attend the “Malware Analysis & Reverse Engineering” course first

  • Thorough knowledge of Assembly code, machine code and higher level programming

  • Very good practical knowledge of the tools used in the “Malware Analysis & Reverse Engineering” course

  • Participants have to bring their own laptop with current VMware Workstation Pro and admin rights, plus a current full version of IDA Pro

 

FAQs

How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Cargo/FOC". When reaching the second bridge turn right again following "FOC". Continue to follow the street until the end - for approx. 1,5 km - and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located.

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and ride to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" on your right-hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located.

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings, please register via our online registration form. If you plan a company training, please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there is a wide range of hotels around the airport, we have personally stayed at both the Hilton and Hotel Novotel, and find them to be very nice and accommodating.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München
Phone: +49 (0)89 9705130