Malware Analysis 101

Instructor-led training course

At a glance

This course was formerly known as Malware Analysis Fundamentals.

This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course introduces students to decompilation with Ghidra and introduces Windows technologies that are prevalent in malware, such as WMI, .NET, and PowerShell. The content is taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Prerequisites: General knowledge of computer and operating system fundamentals. Exposure to computer programming fundamentals and Windows Internals experience (recommended).

Course goals

After completing the course, learners should be able to:

  • Quickly perform malware triage using a variety of techniques and tools without running the malware
  • Analyze running malware by observing file system changes, function calls, network communications, and other indicators
  • Learn about code compilation and how to interpret decompiled Windows code
  • Analyze basic .NET and PowerShell malware and interpret WMI commands
  • Use Ghidra, the open-source disassembler/decompiler

Who this course helps

Information technology staff, information security staff, corporate investigators, and others who need to understand how malware functions operate and the processes involved in malware analysis.

How it works

Delivery methods

In-classroom instructor-led training

Duration

Two days (in-person delivery)

What to bring

Students are required to bring their own laptop that meets the following specs:

  • VirtualBox 7+
  • 30 GB of free HDD space

Take the next step

Contact Mandiant Academy to learn more and schedule your course today.

Google Cloud
  • ‪English‬
  • ‪Deutsch‬
  • ‪Español‬
  • ‪Español (Latinoamérica)‬
  • ‪Français‬
  • ‪Indonesia‬
  • ‪Italiano‬
  • ‪Português (Brasil)‬
  • ‪简体中文‬
  • ‪繁體中文‬
  • ‪日本語‬
  • ‪한국어‬
Console
Google Cloud