< NULLCON 2024 - BANGALORE />

About The Training


< Training Title />

Malware Analysis 0x65: Dissecting & Demystifying Attackers Mindset

< Training Schedule />

Start Date: Nov 07, 2024

End Date: Nov 09, 2024

< Training Objectives />

This three-day training program is designed to teach malware analysis based on understanding the attacker's mindset, tactics, and thought processes. By focusing on real-world scenarios and malware samples observed in the wild, participants will develop custom analysis approaches tailored to the specific malware they encounter. Day one introduces attendees to the fundamentals of malware analysis, including operating system internals, assembly language, hands-on experience with malware analysis tools, and automated analysis techniques. Day two delves into the Malware Kill Chain, examining various APT campaigns from an attacker's perspective. Participants will analyze initial access payloads and explore techniques for persistence, defense evasion, and privilege escalation. Day three begins with an introduction to Command & Control (C2) architecture, analyzing C2 components and network communications over protocols such as DNS, HTTP, and TCP. The session continues with an exploration of ransomware campaigns, analyzing ransomware components, and examining credential-stealing techniques used in malware. The training concludes with a discussion on developing static and behavioral detections for malware samples using YARA and Sigma. Attendees will leave with an understanding of malware tactics and skills for analyzing and defending against malware.

< Training Level />

Basic - Intermediate


Note: This beginner-friendly training consists of 60% practical work and 40% conceptual content, with the emphasis on hands-on experience. The malware analysis methodology is integrated throughout the course.

< Training Outlines />

Day 1 - Malware Analysis Fundamentals

  • Life of a Malware Analyst
  • Malware Terminology & Analysis Goals
  • Setting up Malware Analysis Lab
  • Introduction to OS Internals
  • Assembly Language Primer - x86/x64 Assembly
  • Malware Analysis Tools Hands-on
  • Approach to analyzing malware
  • Using disassemblers such as IDA/Ghidra and debuggers such as x64dbg/WinDbg
  • Other industry-standard malware analysis tools
  • Automated analysis of in-the-wild malware (*)
  • Gathering malware samples (*)

Day 2 - Malware Prayogshala #1

  • Understanding the Attacker's Perspective: Malware Kill Chain (APT Campaigns)
  • Initial Access Prayogshala. We'll analyze:
      • Malicious Office documents
      • Windows Shortcut (LNK) files
      • OneNote documents
      • Obfuscated VBA, PowerShell, HTA, CHM, etc.
      • MOTW (Mark of the Web)
      • Shellcode analysis
  • Malware Persistence Prayogshala: Explore the techniques malware uses to maintain persistence on a machine and survive reboots
  • Defence Evasion Prayogshala: Understand how malware employs various techniques to evade defense mechanisms
  • Privilege Escalation Prayogshala (*): Analyze how malware escalates privileges in order to carry out further tactics with elevated privilege

Day 3 - Malware Prayogshala #2

  • C2 Prayogshala:
      • Understanding Command & Control architecture
      • Analyzing C2 components
      • Analyzing C2 network communication over various protocols
  • Ransomware Prayogshala:
      • Understanding ransomware campaigns
      • Analyzing ransomware components
  • Credential Access Prayogshala (*): Explore how malware steals credentials for profit using various techniques
  • Detection Writing Prayogshala: Understand how malware is detected using static and behavior-based detections

Note: Topics marked with (*) are optional and are subject to time constraints.

< WHAT TO BRING? />

  • Laptop with approx. 50 GB of free disk space
  • CPU: 64-bit Intel Core
  • 8+ GB RAM minimum (4+ GB for the VM)
  • Admin access to the laptop
  • VirtualBox installed on the host OS (latest version, 7.x)

< Training PREREQUISITE />

  • Familiarity with using Windows OS and diagnosing general OS issues
  • Basic familiarity with VirtualBox and the ability to import and configure VMs
  • General understanding of programming concepts (basic familiarity with reading or writing C/C++ source code)

< WHO SHOULD ATTEND? />

  • Security Researcher
  • Malware Analyst
  • Threat Intelligence Analyst
  • Incident response analyst
  • Red Teamer
  • System Admin

< WHAT TO EXPECT? />

An understanding of malware tactics and the skills to analyze and defend against malware. After the training, attendees should be able to independently kickstart their journey into the field of malware analysis. Attendees should expect clarity on the following topics:

  • Understanding of the Malware landscape and techniques
  • Malware analysis on the Windows platform
  • Software execution at the CPU Level
  • Detection engineering fundamentals

< WHAT ATTENDEES WILL GET? />

  • Malware Analysis VM (VirtualBox Image with preconfigured environment)
  • Malware samples for hands-on exercises

< WHAT NOT TO EXPECT? />

Becoming a malware analyst overnight.

< About the Trainer />

Abhinav Thakur is a Security Researcher who talks C, C++, and assembly with his targets. Coming from a malware research background, he uses his programming, reverse engineering and exploitation skillset to achieve unspecified behavior on target devices. In an attempt to share his understanding with the security community and like-minded people, he occasionally writes articles and open-source tools.


Niraj Shivtarkar aka knight0x07 is a Security Researcher with over six years of experience specializing in malware analysis and reverse engineering. He has published numerous blogs highlighting new research and open-source tools for the community and has spoken at international conferences such as BotConf 2023.