Check Point


Identifying and analyzing malware is an essential skill for any security professional – whether investigating a security incident, tracking a large-scale campaign, or discovering yet unknown threats.

Malware is one of the major challenges facing the security industry today. It plays a critical role in high-profile targeted attacks, such as the breach at Sony Entertainment, as well as in large, indiscriminate outbreaks, such as WannaCry.

Prerequisites

Who should take this class?
  • Analysts working in forensics, incident response, and other malware-protection fields.
  • Security professionals wishing to expand their knowledge.
  • Anyone interested in malware threats and analyzing them.

Objectives

This technical 4-day course covers all the fundamentals of malware analysis, providing the student with a solid understanding of the malware world, as well as the tools and hands-on skills required to effectively analyze malicious files.

Agenda

Introduction to Malware
  • Who perpetrates these attacks?
  • What is their goal?
  • Types of malware
  • Malware history and evolution
Malware Behavior and Techniques
  • Malware lifecycle
  • Infection, persistence, privilege escalation
  • Stealth, network communication
Malware Analysis Overview
  • Analysis types
  • Tools and techniques
Triage Analysis
  • Identifying malware
  • Analyzing the PE header
  • Examining static features
  • Utilizing OSINT tools
Dynamic Analysis — OS Behavior
  • Monitoring OS activity — process, file, registry
  • Mapping execution flow
  • Detecting malicious behaviors such as persistence, injection, and hooking
Dynamic Analysis — Network Behavior
  • Malware communication techniques
  • Analyzing malware traffic
  • Controlling responses
Analyzing Malicious Office Documents
  • Droppers and downloaders
  • Debugging macro scripts
Automated Analysis
  • Working with sandboxes
  • Evasion techniques and how to bypass them