Course curriculum

  • 1

    Intro

    • Watch First

    • Mastering Malware Analysis Book

    • Resources

  • 2

    Module 00 - Install Virtual Machine

    • Download The Virtual Machine

    • Installing VM in VirtualBox

    • Installing VM in VMWare

    • Copying Malware Samples To VM

    • Executing Commands inside the VM

  • 3

    Module 01 - APT Attacks and Malware Analysis Overview

    • 01 - Intro

    • 02 - History

    • 03 - APT Attacks

    • 04 - Malware Types

    • 05 - Analyzing Malicious Documents

    • 06 - Scenario 01 - FIN7 Spear-phishing Attack

    • Workbook & Labs

    • Quiz #1

  • 4

    Module 02 - Incident Response Process

    • 01 - Incident Discovery And Log Analysis P1

    • 02 - Incident Response And Log Analysis P2

    • 03 - Splunk

    • 04 - Packet Analysis

    • 05 - Packet Analysis Demo

    • Workbook & Labs

    • Quiz #2

  • 5

    Module 03 - Malware Analysis Process

    • 01 - Malware Analysis Process

    • 02 - How To Approach a Sample

    • 03 - Basic Static Analysis

    • 04 - Behavioral Analysis

    • 05 - Pony Malware - Tool Intro

    • 06 - Pony Malware - Basic Static Analysis

    • 07 - Pony Malware - Behavioral Analysis

    • Workbook & Labs

    • Quiz #3

  • 6

    Module 04 - x86 Assembly & Code Analysis

    • C++ Intro 01 - Get Started with your first program

    • C++ Intro 02 - Memory And Variables

    • C++ Intro 03 - Conditional Commands

    • C++ Intro 04 - Loops

    • C++ Intro 05 - Functions

    • C++ Intro 06 - Communicate with the world

    • 01 - x86 Assembly And Memory

    • 02 - x86 Assembly Instructions

    • 03 - x86 Assembly To C

    • 04 - x86 Assembly Local Variables

    • 05 - Static Analysis Level 00

    • 06 - Static Analysis Level 01

    • 07 - Static Analysis Level 02

    • 08 - Static Analysis Level 03

    • 09 - Intro to Dynamic Analysis

    • 10 - Dynamic Analysis Level 03

    • 11 - Dynamic Analysis Level 04

    • 12 - Example From a Real Malware

    • Workbook & Labs

  • 7

    Module 05 - Windows Internals & Malware Analysis

    • 01 - Application Execution Process

    • 02 - APIs and DLLs

    • 03 - Tibet APT Attack Intro

    • 04 - Tibet Malware Analysis Part 1

    • 05 - Tibet Malware Analysis Part 2

    • 06 - Tibet Malware Analysis Part 3

    • 07 - Tibet Malware Analysis Part 4

    • 08 - Tibet Malware Analysis Part 5

    • 09 - Tibet Malware Analysis Part 6

    • Workbook & Labs

  • 8

    Module 06 - Encryption and Encoding

    • 01 - Encoding vs Encryption

    • 02 - Tibet Malware DecryptFunc Demo

    • 03 - RC4 Algorithm Analysis P.1

    • 04 - RC4 Algorithm Analysis P.2

    • 05 - RSA Encryption Algorithms

    • 06 - Manual Unpacking

    • 07 - Manual Unpacking Demo P.1

    • 08 - Manual Unpacking Demo P.2

    • Workbook & Labs

    • Quiz #6

  • 9

    Module 07 - Process Injection & Anti-Reversing Techniques

    • 01 - Process Injection Intro

    • 02 - Process Injection How it Works

    • 03 - Process Injection Demo 01

    • 04 - Process Injection Demo 02

    • 05 - Process Injection Demo 03

    • 06 - Anti-Reversing Techniques 01

    • 07 - Anti-Reversing Techniques 02

    • 08 - Anti-Reversing Techniques 03

    • Workbook & Labs

  • 10

    Module 08 - Banking Trojans And API Hooking

    • 01 - Webinjects

    • 02 - API Hooking

    • 03 - API Hooking Demo 01

    • 04 - API Hooking Demo 02

    • 05 - POS Malware In Brief

    • 06 - Dexter POS Malware Demo 01

    • 07 - Dexter POS Malware Demo 02

    • 09 - Digital And Memory Forensics

    • 10 - Memory Forensics Demo

    • Workbook & Labs

  • 11

    Module 09 - Exploits And Shellcode

    • 01 - Vulnerabilities and Exploits

    • 02 - Shellcode

    • 03 - Shellcode Analysis Demo 01

    • 04 - Shellcode Analysis Demo 02

    • 05 - Analyzing Malicious Documents

    • 06 - PDFStreamDumper Demo

    • 07 - Analyzing Malicious Documents 02

    • 08 - Analyzing Malicious Documents 03

    • Workbook & Labs

  • 12

    Module 10 - Kernel-Mode Rootkits

    • 01 - Windows Kernel Internals

    • 02 - Kernel-Mode Hooking

    • 03 - MRxNet - Stuxnet Rootkit

    • 04 - MRxNet - Stuxnet Rootkit 02

    • 05 - Process Injection From Kernel-Mode

    • 06 - winSRDF and Process Injection Demo

    • Workbook & Labs

  • 13

    Module 11 - Threat Intelligence & Machine Learning

    • 01 - Threat Intel Intro

    • 02 - Yara Signatures Demo 01

    • 03 - Yara Signatures Demo 02

    • 04 - Connecting The Dots

    • 05 - Machine Learning Intro

    • 06 - Machine Learning Step by Step

    • Workbook & Labs

  • 14

    Bonus: Malware Analysis Report Template

    • Download Report Template