Malware Analysis 1 Day

The focus of the course is on how to analyze malware once it has been found. We focus on malware found on the Windows operating system—by far the most common operating system in use today—but the skills you learn will serve you well when analyzing malware on any operating system.

The course also focuses on executables, since they are the most common and the most difficult files that you’ll encounter.

At the same time, we’ve chosen to avoid discussing malicious scripts and Java programs. Instead, we dive deep into the methods used for dissecting advanced threats, such as backdoors, covert malware, and rootkits.

This course will teach you how and when to use various malware analysis techniques. Understanding when to use a particular technique can be as important as knowing the technique, because using the wrong technique in the wrong situation can be a frustrating waste of time.

Goals of Malware Analysis

The purpose of malware analysis is usually to provide the information you need to respond to a network intrusion.

Your goals will typically be to determine exactly what happened, and to ensure that you’ve located all infected machines and files. When analyzing suspected malware, your goal will typically be to determine exactly what a particular suspect binary can do, how to detect it on your network, and how to measure and contain its damage.

Once you identify which files require full analysis, it’s time to develop signatures to detect malware infections on your network. As you’ll learn throughout this course, malware analysis can be used to develop host-based and network signatures.

Host-based signatures, or indicators, are used to detect malicious code on victim computers. These indicators often identify files created or modified by the malware or specific changes that it makes to the registry.

Unlike antivirus signatures, malware indicators focus on what the malware does to a system, not on the characteristics of the malware itself, which makes them more effective in detecting malware that changes form or that has been deleted from the hard disk.

Network signatures are used to detect malicious code by monitoring network traffic. Network signatures can be created without malware analysis, but signatures created with the help of malware analysis are usually far more effective, offering a higher detection rate and fewer false positives.
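The distinction drawn above between an antivirus signature (a property of the file), a host-based indicator (what the malware does to the system) and a network signature (what it does on the wire) is easiest to see side by side. The following Python script is an added illustration written for this page; it is not course material. Every value in it is constructed: the two "samples" are made-up byte strings, the file path, Run-key value name and beacon URI pattern are hypothetical, and no real malware is involved. The point it demonstrates is the one in the text: a hash signature stops matching as soon as the binary changes by a single byte, while the host indicator and the network signature, which describe behaviour, still match.

```python
import hashlib
import re

# Constructed stand-ins for a sample and a recompiled/repacked variant of it.
# They differ by one byte, which is enough to defeat a hash-based signature.
SAMPLE_V1 = b"MZ\x90\x00" + b"constructed sample payload v1"
SAMPLE_V2 = b"MZ\x90\x00" + b"constructed sample payload v2"

# 1. Antivirus-style signature: a characteristic of the file itself (its hash).
AV_SIGNATURE_SHA256 = hashlib.sha256(SAMPLE_V1).hexdigest()


def av_signature_matches(sample: bytes) -> bool:
    """True only when the sample's SHA-256 equals the known-bad hash."""
    return hashlib.sha256(sample).hexdigest() == AV_SIGNATURE_SHA256


# 2. Host-based indicator: artifacts the malware leaves on the system.
#    Hypothetical values chosen for this example; compared case-insensitively
#    because Windows paths and registry value names are case-insensitive.
HOST_INDICATOR = {
    "files": {r"c:\users\public\svchost32.exe"},
    "registry_run_values": {"svchost32"},
}


def host_indicator_hits(snapshot: dict) -> list:
    """Compare a host snapshot (file list, Run-key value names) against the
    indicator. Returns the matched artifacts; a non-empty list means 'infected'.
    The malware binary itself need not be present any more for this to match."""
    hits = []
    for path in snapshot.get("files", []):
        if path.lower() in HOST_INDICATOR["files"]:
            hits.append("file:" + path)
    for name in snapshot.get("registry_run_values", []):
        if name.lower() in HOST_INDICATOR["registry_run_values"]:
            hits.append("run-key:" + name)
    return hits


# 3. Network signature: a pattern over traffic, the kind of thing analysis of the
#    sample's C2 code would yield. Hypothetical beacon format for this example.
BEACON_RE = re.compile(rb"GET /gate\.php\?id=[0-9a-f]{16} HTTP/1\.[01]\r\n")


def network_signature_matches(payload: bytes) -> bool:
    """True when a captured request matches the beacon pattern."""
    return BEACON_RE.search(payload) is not None


# Constructed host snapshots and traffic to run the three checks against.
INFECTED_HOST = {
    "files": [r"C:\Windows\explorer.exe", r"C:\Users\Public\svchost32.exe"],
    "registry_run_values": ["OneDrive", "svchost32"],
}
CLEAN_HOST = {
    "files": [r"C:\Windows\explorer.exe"],
    "registry_run_values": ["OneDrive"],
}
BEACON_TRAFFIC = (b"GET /gate.php?id=0123456789abcdef HTTP/1.1\r\n"
                  b"Host: c2.example.invalid\r\n\r\n")
BENIGN_TRAFFIC = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: www.example.invalid\r\n\r\n")


def evaluate(sample: bytes, snapshot: dict, traffic: bytes) -> dict:
    """Run all three detection methods and report which ones fired."""
    return {
        "av_hash": av_signature_matches(sample),
        "host_indicator": bool(host_indicator_hits(snapshot)),
        "network": network_signature_matches(traffic),
    }


if __name__ == "__main__":
    # The original sample is caught by all three; the one-byte variant
    # slips past the hash signature but not the behavioural ones.
    print("original:", evaluate(SAMPLE_V1, INFECTED_HOST, BEACON_TRAFFIC))
    print("variant: ", evaluate(SAMPLE_V2, INFECTED_HOST, BEACON_TRAFFIC))
    print("clean:   ", evaluate(SAMPLE_V2, CLEAN_HOST, BENIGN_TRAFFIC))
```

Running it shows `av_hash` flipping from True to False between the original and the variant while `host_indicator` and `network` stay True, and all three False for the clean host with benign traffic. In practice the snapshot would come from a file system and registry enumeration tool and the payload from a packet capture or IDS; the matching logic is the same.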

After obtaining the signatures, the final objective is to figure out exactly how the malware works. This is often the question senior management asks most, since they want a full explanation of a major intrusion.

The in-depth techniques you’ll learn in this course will allow you to determine the purpose and capabilities of malicious programs.

Course Content
Incident Response

Live Response & Network Research

Document Analysis

Malware Analysis

Rootkits & Memory Analysis

Network Forensics

and more...

Web application developers or architects, web security professionals, development managers, penetration testers, application security analysts, information security professionals and anyone who is responsible for web application security or data protection, or tasked with building secure web applications.

1. Developers: Learn what can go wrong with badly written application code, and how to prevent such errors.
2. Web site administrators: Learn how to securely configure a web server and an application server, without compromising on functionality.
3. Application security analysts: Learn how to systematically analyse and audit a web application.
4. Project managers / IT managers: Learn how to be effective in maintaining a secure web application going forward.

1. IT administrators, security professionals, and malware specialists who fight malicious code in their organizations.

2. IT experts and security incident responders who need to understand the behavioural and code analysis phases.

3. Experts who perform forensic investigations also benefit from mastering this topic, because they learn how to understand the key characteristics of malware present on compromised systems.

4. Experts who need to turn malicious executables inside out to understand their inner workings.