Overview

Reverse Engineering Malware is an intermediate course that gives students the theoretical knowledge and hands-on techniques needed to analyze malware of greater complexity. Students will learn to analyze malicious Windows programs, debug user-mode and kernel-mode malware with WinDbg, identify common malware functionality, and reverse covert and encoded malware.

Objectives

This course will provide students with a working knowledge of analyzing malicious Windows programs, debugging user-mode and kernel-mode malware, identifying common malware functionality, and other related topics.

Course Duration

5 days

Who Should Take This Course

Audience

This course is intended for junior malware analysts and reverse engineers who want to increase their skills to better understand more complex malicious code.

Prerequisites

Students should have significant training or experience in a high-level language such as C or C++, in the x86 architecture and x86 assembly language, and in operating system principles.

Course Outline

Day 1

  • Windows API
  • Handles & file system functions
  • Common registry functions & autoruns
  • Networking APIs
  • Processes, threads & mutexes

Day 2

  • Kernel vs. User-mode debugging
  • Software & hardware breakpoints
  • Modifying program execution & patching
  • OllyDbg overview
  • Memory maps
  • Executing code, breakpoints & tracing
  • OllyDbg plugins

Day 3

  • Kernel debugging with WinDbg
  • Configuring kernel debugging environment
  • Analyzing functions, structures and driver objects
  • Rootkit analysis
  • Downloaders, launchers & backdoors
  • Analyzing various persistence mechanisms & user-mode rootkits

Day 4

  • Covert malware
  • Abusing resource section of PE file
  • Process injection & process replacement
  • Windows hooks & detours
  • APC injection from kernel space

Day 5

  • Analyzing encoding algorithms
  • XOR, BASE64 & custom encoding
  • Common crypto algorithms
  • KANAL
  • Custom decoding scripts in Python
  • Instrumentation for generic decryption

FAQs

  • Is there a discount available for current students?
    UMBC students and alumni, as well as students who have previously taken a public training course with UMBC Training Centers, are eligible for a 10% discount, capped at $250. Please provide a copy of your UMBC student ID, an unofficial transcript, or the name of the UMBC Training Centers course you have completed. Asynchronous courses are excluded from this offer.
  • What is the cancellation and refund policy?
    Students will receive a refund of paid registration fees only if UMBC Training Centers receives a notice of cancellation at least 10 business days prior to the class start date for classes or the exam date for exams.
  • What is Live Online training?
    Classes marked Live Online have the same content and expert instructors as our classroom training, but are delivered entirely online through our virtual classroom environment. Each class session is live and led by an instructor.