This course takes students into advanced and specialist topics surrounding rootkit analysis. Students will learn about the Windows kernel, automated and manual unpacking, live kernel debugging with IDA and WinDbg, and reverse engineering drivers. This is a heavily lab-intensive course that requires students to have a solid background in programming, reverse engineering, and malware analysis prior to attending.

- Unpack malware using both automated tools and manual processes
- Analyze and defeat mechanisms added by code protectors
- Conduct live remote kernel debugging on Windows using WinDbg and IDA
- Reverse engineer rootkits that are implemented as drivers