Behavioral Malware Analysis Training


Course Overview:

Learn how to perform dynamic malware analysis with this Behavioral Malware Analysis Training

This Behavioral Malware Analysis Training course teaches the fundamental skills needed to analyze malicious software from a behavioral perspective. Using system monitoring tools, you will learn how to observe malware in a controlled environment and quickly characterize its malicious effects on the system. From simple keyloggers to large botnets, this class covers a wide variety of threats currently in use on the Internet, with real samples analyzed in the training environment. Because the majority of the class is hands-on, each student is issued a laptop with an isolated lab environment in which to learn the skills and essential methodologies required to be an effective malware analyst.

Customize It:

• If you are familiar with some aspects of this Behavioral Malware Analysis Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.

Related Courses:

Automating Information Security with Python Training
Application Security Training

Audience / Target Group:

The target audience for this Behavioral Malware Analysis Training course:

• Threat operation analysts seeking to have a better understanding of malware
• Incident responders who need to quickly address a system security breach
• Forensic investigators who need to identify malicious software
• Individuals who have experimented with malware analysis and want to expand their malware analysis techniques and methodologies for system security, computer forensics, and incident response

Class Prerequisites:

The knowledge and skills that a learner must have before attending this course are as follows:

• Thorough understanding of Microsoft Windows
• Basic understanding of operating system internals
• Experience with VMware software is beneficial, although not required
• Knowledge of networking protocols and Wireshark filtering is recommended, but not required

What You Will Learn:

Upon completing this Behavioral Malware Analysis Training course, learners will be able to meet these objectives:

• How to identify malware and discover its capabilities
• How to set up a secure lab environment to analyze malicious software
• How to use open source tools to characterize malware samples quickly
• Obfuscation methods used by attackers to escape detection

Course Outline:

DAY 1:

Malware Analysis
Static Analysis
Dynamic/Behavioral Analysis
Malware Overview
Definition of Malware
Malware Intentions and Motivations
Malware Types
Malicious Mobile Code
User-Mode Rootkit
Kernel-Mode Rootkit
Combination Malware
Malware Threat Research Websites
Technologies to Fight Malware and Their Limitations
Intrusion Detection Systems
Intrusion Prevention Systems
Anti-Virus Software
Windows Internals for Behavioral Analysts
Windows API
Common Libraries
Building An Analysis Environment
Behavioral Analysis Process (BA)
Understanding The Process
Knowing Your Goals
BA Tools of the Trade
VMware Workstation
Sysinternals Suite
ApateDNS & FakeNet
PEiD & PackerBreaker
Process Hacker

DAY 2:

Why Baseline a System
The Windows Registry
Baselining Tools
Document-Embedded Malware
How To Embed a Document
Hijack Scenario
Macro Viruses
Melissa Virus Case Study
Adware, Spyware, and Ransomware
Botnet Malware
Definition of a Bot
Botnet Communication Architecture
Setting Up and Using IRC For Command and Control

DAY 3:

Keylogger Types
Hardware vs Software
Remote Access Keyloggers
Malicious Mobile Code (Interactive Web Apps)
Definition of Malicious Mobile Code
Attack Vectors
Reducing Risk of MMC Attacks
Common Backdoor Types
Propagation Methods
Persistence Methods
Finding Backdoors
Trojan Horses
Definition of a Trojan Horse
Backdoor vs Trojan Horse
Trojan Horse Infection Methods
Advanced Persistent Threat (APT)
Definition of APT
User-Mode Rootkits
Definition of a Rootkit
Benefit of Rootkits for Attackers
Kernel- vs User-Mode Rootkits
Detection Methods

DAY 4:

Drop and Execute Malware
Dropper vs Injector
VMware Detection
Why Malware Does VMware Detection
Honeynets and Honeypots
Methods of VM Detection
Destructive Malware
CHM Malware
Normal CHM File Usage
Advantages and Disadvantages of CHM Files
PDF Malware
Kernel-Mode Rootkits

DAY 5:

Student Practical