
Malware Triage


Malware Triage was developed to provide students with comprehensive hands-on exposure to the processes, tools and procedures used to identify common types of malware and to quickly determine their capabilities and threat level. This course teaches students the concepts and methods involved in finding, analyzing and characterizing malware to determine how severe a threat it may pose within a system or network. The course includes significant amounts of hands-on practical application of the skills learned. Students are introduced to topics and concepts through lectures and then given a series of lab exercises to reinforce that learning and build skill. Students must exercise the malware analysis methodology and conduct open-source research on the characteristics identified in order to successfully complete the goals of the course.


  • Malware Overview
  • Introduction to Malware Identification
  • Process List Analysis
  • Suspicious Processes
  • Netstat, Open Port and Connection Analysis
  • Handles to Files and Other Resources
  • Suspicious .dlls and Drivers
  • Common Persistence Techniques
  • Rootkit Detection
  • Determining Network Awareness
  • Determining Other Capabilities (hiding, keyboard logging, taking screenshots)
  • Code Analysis Triage (Hex Editor)
  • Online Malware Capability & Signature Research


Students attending the course should have a strong understanding of how data traverses a network, basic UNIX and Windows competency, and comfort working from the command line. Additionally, an understanding of information assurance principles and penetration testing methodology is strongly recommended.


3 days

Group Training Available

UMBC Training Centers can deliver any of our courses in a group training environment at our facilities or yours. Group training can be an effective and economical method to quickly assure competency and consistency of knowledge and skills within an organization or department.