Malware Analysis (Triage) was developed to give students comprehensive hands-on exposure to the processes, tools and procedures used to identify common types of malware and to quickly determine their capabilities and threat level. This course teaches students the concepts and methods involved in finding, analyzing and characterizing malware in order to determine how severe a threat it may pose to a system or network. The course includes a significant amount of hands-on practical application of the skills learned. Students are introduced to topics and concepts through lectures, then given a series of lab exercises to reinforce that learning and build skill. To successfully complete the goals of the course, students must exercise the malware analysis methodology and conduct open source research on the characteristics they identify.
Introduction to Malware Identification
Process List Analysis
Netstat, Open Port and Connection Analysis
Handles to Files and Other Resources
Suspicious DLLs and Drivers
Common Persistence Techniques
Determining Network Awareness
Determining Other Capabilities (hiding, keyboard logging, taking screenshots)
Code Analysis Triage (Hex Editor)
Online Malware Capability and Signature Research
The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.