Malware Analysis 201

Instructor-led training course

At a glance

This course was formerly known as the Malware Analysis Crash Course.

The course explains how to find the functionality of a program by analyzing disassembly and seeing how it modifies a system and its resources as it runs in a debugger. It covers Windows Internals and the Windows APIs most often used by malware authors. Each section includes in-class demonstrations and hands-on labs with real malware so learners can apply their new skills.

Prerequisites: Excellent knowledge of computer and operating system fundamentals. Computer programming fundamentals and Windows Internals experience are highly recommended.

Course goals

After completing this course, learners should be able to:

  • Understand the basics of the x86 assembly language
  • Write basic assembly programs
  • Use IDA Pro, the main tool for disassembly analysis
  • Understand Windows-specific concepts that are relevant to analyzing Windows malware
  • Use the IDA debugger to monitor and change malware behavior at runtime
  • Understand intermediate disassembly concepts, such as structs and intrinsic functions

Who this course helps

Software developers, information security professionals, incident responders, computer security researchers, corporate investigators, and others who need to understand how malware operates and the processes involved in performing malware analysis.

How it works

Delivery methods

In-classroom instructor-led training

Duration

Three days (in-person delivery)

What to bring

Students are required to bring their own laptop that meets the following specs:

  • VirtualBox 7+
  • 30 GB of free HDD space

Take the next step

Contact Mandiant Academy to learn more and schedule your course today.
