  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course will help you understand how malware affects systems and the tools and mitigation techniques used to defend against it. We first give you background on Windows binaries and teach you how to build executables. Next we teach you tools related to PE editors, which help you understand the structure of the executable format. Runtime monitoring and network traffic tools are taught to help you extract data the malware has affected. We teach you how to detect malware by using techniques such as dynamic analysis, debugging, and reverse engineering.

Learning Objectives

  • Assembly Operands Basics (32/64 bits)
  • Immunity Debugger Basics
  • WinDbg Basics
  • IDA Disassembler Basics
  • PE Format
  • Process Infection
  • Process Hollowing
  • Process Dumping
  • Unpacking
  • DLL Analysis
  • .NET Deobfuscation
  • Macro-based Malware
  • Yara Detection

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.