SANS FOR710 Reverse-Engineering Malware

FOR710: Reverse-Engineering Malware - Advanced Code Analysis equips malware specialists to dissect complex Windows executables, focusing on those making headlines and challenging incident response teams globally. This course offers essential background knowledge and instructor-led walk-throughs, providing students with ample opportunities to confront real-world reverse engineering scenarios during the sessions.

As defenders refine their analysis skills and automated malware detection tools improve, malware authors intensify their efforts to infiltrate enterprise systems. Consequently, malware has evolved into more modular forms with multiple layers of obfuscated code, often executing in memory to evade detection and impede analysis. Malware analysts must adeptly handle these advanced techniques and utilize automation to manage the constant influx of diverse and complex malware targeting enterprises.

Key Learning Objectives:

- Master techniques to overcome code obfuscation hurdles, including steganography, that hinder static code analysis.
- Identify critical elements of program execution to analyze multi-stage malware in memory effectively.
- Locate and extract deobfuscated shellcode during program execution.
- Develop proficiency in analyzing non-executable file formats during malware analysis.
- Explore PE header structures and fields to gain insights into malware behavior.
- Utilize WinDBG Preview for debugging and assessing critical process data structures in memory.
- Identify encryption algorithms utilized in ransomware for file encryption and essential protection.
- Understand Windows APIs facilitating encryption and articulate their functions.
- Investigate data obfuscation in malware, decode underlying content, and pinpoint algorithm implementations.
- Develop Python scripts for automating data extraction and decryption tasks.
- Craft rules for identifying malware functionality.
- Utilize Dynamic Binary Instrumentation (DBI) frameworks to automate reverse engineering workflows.
- Write Python scripts within Ghidra to expedite code analysis.
- Employ Binary Emulation frameworks for simulating code execution.

Course Components:

- FOR710 Reverse-Engineering Malware: Advanced Code Analysis Course

PDF Guides:

- FOR710 Reverse Engineering Malware Advanced Code Analysis

Price: $2,095.00
  • Any pre-loaded packaged materials or subscription-based products, including device-based training programs and courses that include a device, may not be refunded. Digital products, including DVDs, may be returned for replacement if found defective.

  • Free shipping on all orders within the US. International shipping is available.
