Overview

Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and many other freely available tools.

Learning Outcome

You will learn to:
  • Build an isolated, controlled laboratory environment for analyzing the code and behavior of malicious programs
  • Employ network and system-monitoring tools to examine how malware interacts with the file system, registry, network, and other processes in a Windows environment
  • Uncover and analyze malicious JavaScript and other components of web pages, which are often used by exploit kits for drive-by attacks
  • Control relevant aspects of the malicious program's behavior through network traffic interception and code patching to perform effective malware analysis
  • Use a disassembler and a debugger to examine the inner workings of malicious Windows executables
  • Bypass a variety of packers and other defensive mechanisms designed by malware authors to misdirect, confuse, and otherwise slow down the analyst
  • Recognize and understand common assembly-level patterns in malicious code, such as code injection, API hooking, and anti-analysis measures
  • Assess the threat associated with malicious documents, such as PDF and Microsoft Office files
  • Derive Indicators of Compromise (IOCs) from malicious executables to strengthen incident response and threat intelligence efforts

Who Should Attend?

  • Security Practitioners of any specialty, from red teamers to incident responders, since the course is focused on analysis skills
  • Incident Response Team Members who respond to complex Security incidents/intrusions and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise
  • Threat Hunters who are seeking to understand threats more fully and how to learn from them to be able to more effectively hunt threats and counter the tradecraft behind them
  • Security Operations Center Personnel and Information Security Practitioners who support hunting Operations that seek to identify attackers in their network environments
  • Digital Forensic Analysts and Malware Analysts who want to consolidate and expand their understanding of filesystem forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations
  • Federal Agents and Law Enforcement Officials who want to master advanced intrusion investigations and incident response, as well as expand their investigative skills beyond traditional host-based digital forensics
  • Technical Managers who are looking to build intelligence teams or leverage intelligence in their organizations, building on their technical skill sets
  • SANS Alumni looking to take their analytical skills to the next level

Eligibility Criteria

FOR610 acts as a practical on-ramp into the world of malware analysis. It is useful both for individuals looking to enter this exciting field and for those who seek to formalize and expand their skills in this area. Attendees who have found this course especially useful often have responsibilities in the areas of incident response, forensic investigation, information security, threat intelligence, and threat hunting. Course participants have included:
  • Individuals who have dealt with incidents involving malware and wanted to learn how to understand key aspects of malicious programs
  • Technologists who have informally experimented with aspects of malware analysis prior to the course and were looking to formalize and expand their expertise in this area
  • Forensic investigators and security practitioners looking to expand their skill sets and learn how to play a pivotal role in the incident response process

The course begins by covering malware analysis at an introductory level, then quickly progresses to discussing tools and techniques of intermediate complexity. Neither programming experience nor knowledge of assembly is required to benefit from the course. However, you should have a general idea about core programming concepts such as variables, loops, and functions, so you can quickly grasp the relevant concepts in this area. The course spends some time discussing essential aspects of assembly language, allowing malware analysts to navigate through malicious executables using a disassembler and a debugger.

This course is endorsed under the Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ funding, please refer to the Programme Support section on the CITREP+ page.


Information is accurate as of 6 August 2019