back to overview
Malware Analysis & Reverse Engineering

Delivery: classroom // Duration: 5 days

This course gives participants an in-depth practical understanding and methodology for current malware analysis and reverse engineering. The course is one of the rare opportunities to participate in a hands-on training held by Kaspersky´s acknowledged expert analysts performing such analysis on a day to day basis unearthing some of the most advanced cyber threats around today.

 

Learning Objectives

  • This course provides all the necessary information about the modern malware and anti-malware landscape. Participants will learn about current malware functioning and how it infects companies’ IT infrastructures through their weakest points, exploiting these weaknesses after infection. Students will also learn all the main methods and malware analysts’ routines.

  • Strong anti-malware theory is combined with surface analysis. To operate effectively as analysts, students need to understand what lies behind the tools and techniques.

 

Course Content

  • Malware Analysis & Reverse Engineering goals and techniques

  • Windows internals, executable files, x86 assembler

  • Basic static analysis techniques (strings extracting, import analysis, PE entry points at a glance, automatic unpacking, etc.)

  • Basic dynamic analysis techniques (debugging, monitoring tools, traffic interception, etc.)

  • .NET, Visual Basic, Win64 files analysis

  • Script and non-PE analysis techniques (Batch files; Autoit; Python; Jscript; VBS)

  • Build a secure environment for malware analysis: deploy sandbox and all necessary tools

  • Understand principles of Windows program execution

  • Unpack, debug and analyze malicious object, identify its functions

  • Detect malicious sites through script malware analysis

  • Conduct express malware analysis.

Throughout the course there are a multitude on practical, hands-on exercises.

 

Target Audience

The training is suitable for IT-related professionals looking to acquire practical skills in malware analysis.


Pre-requisite for Course Registration

  • Participants should have basic knowledge of information security and/or IT security

  • Some programming experience is critical

  • Due to the many real life practical tasks, technical prerequisites for this training include a PC for each student

  • Virtual machines will be provided with the following free tools installed: IDA, Immunity debugger, OllyDdg, WireShark, Sysinternals tools, Fiddler proxy, dumpers, PE analyzers and other utilities for static and dynamic analysis

  • LAN and internet is provided in the class room

  • Participants have to bring their own laptop with current VMWare Workstation Pro and admin rights

FAQs

How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Cargo/FOC".  When reaching the second bridge turn right again following "FOC". Continue to follow the street  until the end - for approx. 1,5 km -  and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located. 

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" at your right hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located. 

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings please register via our online registration form. If you plan a company training please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there are a wide range of hotels around the airport we have personally stay at both the Hilton and Hotel Novotel, and find them to be very nice and accommodating.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München

Phone: +49 (0)89 9705130