Advanced Reverse Engineering Malware Training

Advanced Reverse Engineering Malware Training

Print Friendly, PDF & Email


Advanced Reverse Engineering Malware Training course with detailed hands-on labs

Because modern malware makes use of sophisticated obfuscation techniques, you need to have specific reversing skills in the deconstruction of various x86 assembler obfuscation tricks used by malware in order to be an expert malware reverser. This four day Advanced Reverse Engineering Malware Training course bridges the gap between reversing “vanilla” compiler generated code and the nontrivial, complex code created by expert malware authors.

Modern malware typically is developed with some measure of Command and Control (C&C) communication capabilities. The C&C protocol can used to maintain a botnet, deliver package updates, send commands, and steal data from compromised machines. Understanding and reversing the underlying C&C protocol is essential to understanding the intention, functionality, and potentially the identity of the malware author. In the Advanced Reverse Engineering Malware Training course, you will learn how to reverse these C&C protocols from live malware examples that are currently in circulation.

Reversing obfuscated malware in some cases must be done programmatically. This requires you to understand how to use specialized plugins for IDA as well as other malware-specific tools in order to de-obsfucate various portions of the code under analysis. In other cases, hours or days of manual work can be saved by learning the proper use of a specific reversing tool.

Duration: 4-5 days

Related Courses

Customize It:

• If you are familiar with some aspects of Advanced Reverse Engineering Malware, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Advanced Reverse Engineering Malware Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Advanced Reverse Engineering Malware Training course in manner understandable to lay audiences.


After completing this Advanced Reverse Engineering Malware Training course, attendees will be able to:

• Gain the in-demand career skills of a reverse engineer. Very few information security professionals, incident response analysts and vulnerability researchers have the ability to reverse malware efficiently. You will undoubtedly be at the top of your professional field.
• Learn the methodologies, tools, and manual malware reversing techniques used real world situations in our reversing lab.
• Move beyond automated “sandbox” testing of malware.
• More than interesting theories and lecture, get your hands dirty in our dedicated reversing lab in this security training course.

Advanced Reverse Engineering Malware Training – Course Outlines:

Some of the reverse engineering concepts you will learn to master during this Advanced Reverse Engineering Malware Training course.

◾ IDA configuration for programmatic reversing and script writing
◾ IDA Plugin architecture and setup
◾ The Windows Kernel
◾ Understanding the Kernel API used by malware authors
◾ Overview of common rootkit technologies
◾ Using WinDBG for kernel debugging
◾ PE Anti-reversing techniques: De-obfuscating executables for IDA
◾ Obfuscation: User-mode obfuscation methods
◾ Anti-RE Techniques: Detecting debuggers, virtual machines, and other tricks
◾ Kernel assisted obfuscation
◾ Understanding rootkit process / DLL injection
◾ Understanding rootkit process / DLL injection
◾ Reversing kernel-mode botnet bots
◾ Study of Metasploit’s Shikata-ga-nai
◾ Automated unpacking systems
◾ Utilizing Saffron and Ether
◾ Analyzing physical memory with memoryze
◾ Identifying common algorithms inside worms
◾ Virtual Machine based packers
◾ Reversing Themida and other VM packers
◾ Reversing mangled UPX and other compression types
◾ Protocol Reversing (Reversing Storm’s usermode code)
◾ Reverse storm’s C&C protocol
◾ Reversing .NET byte code
◾ CEREA Review

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

    Time frame: