Malware Analysis Workshop

Catalog number: #7549 | Course length: 40 academic hours | Number of sessions: 5

Malicious software, or malware, plays a part in most computer intrusion and security incidents. Any software that does something that causes harm to a user, computer, or network can be considered malware, including viruses, trojan horses, worms, rootkits, scareware, and spyware. While the various malware incarnations do all sorts of different things, as malware analysts, we have a core set of tools and techniques at our disposal for analyzing malware.

Malware analysis is the art of dissecting malware to understand how it works, how to identify it, and how to defeat or eliminate it. And you don’t need to be an uber-hacker to perform malware analysis.

This course is offered to organization-sponsored groups only; inquiries are accepted only on behalf of a group.


  • Describe types of malware, including rootkits, Trojans, and viruses
  • Perform basic static analysis with Sysinternals tools
  • Perform basic dynamic analysis with a debugger
  • Perform advanced static analysis with IDA Pro
  • Explain malware behavior, including launching, encoding, and network signatures
  • Recognize common packers and how to unpack them

Target Audience

  • Researchers, defense and law enforcement authorities
  • System, media, and information security personnel

Prerequisites

  • Practical experience in a command-line environment, especially on Linux
  • Knowledge of communication protocols (TCP/IP)
  • Background and experience in writing code


PE File

  • Headers
  • Sections
  • Imports / Exports
  • Resources
  • CFF Explorer


  • Concept
  • Common DLLs
  • Kernel Objects
  • ANSI and Unicode
  • Suspicious APIs and their uses


Extra Static Analysis

  • Packers
    • Obfuscators
    • VMs
    • Crypters
  • RDG Packer Detector
  • Entropy


Basic Dynamic Analysis

  • Sysinternals
  • API Monitor
  • Wireshark
  • ApateDNS
  • INetSim
  • Netcat
  • Sandboxes



  • Types
  • Functions
  • Pointers
  • Conditions and loops
  • * and & (dereference and address-of operators)
  • Debugging in Visual Studio


Assembly Crash Course

  • Architecture (x86)
  • Memory Management
  • Registers
  • Instructions
  • Opcodes


RE Methodology

  • What is RE?
  • Approaching RE
  • Decompilers


Debugging Methodology

  • What is debugging?
  • Approaching debugging
  • Debugger overview



  • Overview
  • Cheatsheet
  • FLIRT signatures


Malicious Techniques

  • Hooking
  • Code Injection
  • Anti-VM / Anti-Debug
  • Obfuscation
  • Persistence
  • Dynamic function resolving (using APIs and using PEB)
  • Encryption