Masterclass: Malware Analysis & Reverse Engineering

During this 4-day course (28 hours of intensive training) you will gain crucial cybersecurity knowledge and skills in Malware Analysis & Reverse Engineering.

Moreover, you will be able to:

  • Get the highest quality and unique learning experience – the class is limited to 16 participants by default.
  • Get the opportunity to interact with our world-renowned Experts.
  • Go through CQURE’s custom lab exercises and practice them after the course.
  • Receive a lifelong certification after completing the course!

Why this course?

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 16 participants by default, or supported by an assistant instructor if the number of delegates exceeds 16. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Audience

This training is built for cybersecurity professionals who want to sharpen their skills in analyzing and defending against advanced threats. Whether you are a malware analyst, incident responder, threat hunter, SOC analyst, forensic specialist, security engineer, or red teamer, you’ll gain practical expertise in reverse engineering, forensics, and threat detection. Technical security leaders will also benefit from a deeper understanding of modern malware risks and APT tradecraft.

This Live Virtual Class consists of 14 Modules on Malware Analysis & Reverse Engineering. They combine essential theory with individual practice during the exercises, as well as plenty of hands-on tools and real-case scenarios.

Module 1. APT Attacks & Malware Analysis

  1. Understanding advanced persistent threats
  2. Attacker tactics, techniques & procedures (MITRE ATT&CK)
  3. The incident response process for malware attacks
  4. APT attack vectors and types of malware
  5. Setting up an isolated lab environment

Module 2. Basic Static Analysis

  1. Investigating malware decrypted strings
  2. Examining malware headers (PE)
  3. Understanding functionality through imported Windows APIs
  4. Detecting and unpacking encrypted malware
  5. Hands-on lab with real malware samples

Module 3. Behavioral Analysis & Sandboxing

  1. Network forensics for malware activity
  2. Monitoring process, file system, and registry activity
  3. Determining indicators of compromise (IoCs)
  4. Hands-on lab analyzing real malware

Module 4. Spear-phishing Attacks with Malicious Documents

  1. Analyzing malicious Office documents with VBA macros
  2. Examining and dissecting malicious PDF files
  3. Hands-on lab with real phishing documents

Module 5. Intro To x86/x64 Assembly

  1. CPU registers and assembly instructions
  2. Assembly language and memory handling
  3. Reversing assembly code to higher-level languages
  4. Working with variables and memory structures

Module 6. Static & Dynamic Code Analysis

  1. Using IDA Pro for static analysis
  2. Hands-on lab with static code analysis
  3. Using OllyDbg/x64dbg for dynamic analysis
  4. Investigating Windows API calls
  5. Key indicators in code analysis

Module 7. Malware Functionalities Analysis

  1. Analyzing droppers & downloaders
  2. Persistence mechanisms
  3. Keylogging techniques
  4. Banking Trojans & Man-in-the-Browser attacks
  5. Point of Sale malware characteristics
  6. Writing custom YARA rules

Module 8. Unpacking Packed Samples

  1. Using generic unpackers
  2. Manual unpacking techniques
  3. Overcoming anti-reverse engineering protections

Module 9. Dealing with Encryption

  1. Reversing basic encryption algorithms
  2. Working with complex encryption (RC4, AES, public key)
  3. Uncovering encrypted strings, APIs, and C2 domains
  4. Hands-on lab with encrypted malware

Module 10. Ransomware Analysis

  1. Basic analysis of ransomware behavior
  2. Code analysis of encryption functionality
  3. Understanding file encryption algorithms
  4. Assessing decryption possibilities
  5. Real-world ransomware case study

Module 11. Windows Forensics & Timeline Analysis

  1. Digital forensics goals and acquisition techniques
  2. Analyzing NTFS Master File Table and deleted files
  3. Windows Change Logs and Prefetch analysis
  4. Registry analysis for persistence
  5. Creating attack timelines

Module 12. Advanced Techniques: Fileless Malware & API Hooking

  1. Understanding process internals
  2. Detecting code injection techniques
  3. Process hollowing analysis (Stuxnet technique)
  4. API Hooking and IAT hooking detection

Module 13. Memory Forensics & Volatility

  1. Memory acquisition techniques
  2. Introduction to Volatility framework
  3. Identifying suspicious processes
  4. Detecting injected and hidden DLLs
  5. Hands-on with Stuxnet memory dump

Module 14. Reporting & Threat Hunting

  1. Professional malware analysis report writing
  2. Introduction to threat hunting
  3. Endpoint threat hunting with Sysmon
  4. Creating Sigma rules

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

Practical information

Duration: 4 days
Format: Live virtual class with hands-on labs
Language: English
Delivery: Remote instructor-led training

FAQ

What does the course cost?
The price is 34 900 NOK for 4 days. The course includes course materials, practical lab exercises and lifelong certification after completion of the course.

How long does the course last?
The course lasts 4 days.

How is the course delivered?
The course is delivered as a live virtual class led by instructors from CQURE. Participants work in an isolated lab environment where they analyze real malware samples, perform reverse engineering and carry out digital forensic investigation of attacks.

Who is the course suitable for?
The course is suitable for security analysts, malware analysts, incident responders, threat hunters, SOC analysts and other IT security professionals who want to learn how to analyze and reverse engineer malicious code.

What will I learn during the course?
You will learn how to analyze malware using both static and dynamic analysis methods. The course covers, among other things, reverse engineering, ransomware analysis, digital forensics, malware functionality, encryption and techniques used by advanced threat actors.

After the course you will be able to:

Analyze malware samples in an isolated lab environment
Perform static and dynamic code analysis
Understand malware functionality and persistence mechanisms
Analyze ransomware attacks and encryption methods
Use tools such as IDA Pro, debuggers and Volatility
Identify indicators of compromise (IoCs)
Perform basic reverse engineering of malicious code

Is the course practically oriented?
Yes. The course contains extensive hands-on lab exercises in which participants analyze real malware samples, perform reverse engineering and carry out digital forensic investigations in realistic scenarios.

Which topics are covered in the course?
The course covers, among other things:

APT attacks and MITRE ATT&CK
Malware analysis and reverse engineering
Static and dynamic code analysis
Assembly analysis (x86 and x64)
Malware functionality and persistence
Encryption used in malware
Ransomware analysis
Windows forensics and timeline analysis
Memory forensics with Volatility
Threat hunting and Sigma rules

Do I get a certification after the course?
Yes. After completing the course, participants receive a lifelong CQURE certification.

What prior knowledge is recommended?
Basic knowledge of the Windows operating system, networking and IT security is recommended. Experience with scripting or programming can be an advantage.

What makes this course unique?
The course combines malware analysis, reverse engineering, digital forensics and threat hunting in one coherent training program. Participants work with real malware samples in a realistic lab environment and learn techniques used by professional security teams and threat hunters.