The content of this course has changed continually over time, as the hot topics related to malicious code are constantly changing. The 2024 iterations will focus on reverse engineering skills, information exchange and building skills for improving existing response infrastructure with real-time event processing technology.
Learning Objectives
The goal of this course is to give participants the following skills and knowledge:
- Understanding malware: its life-cycle and the motivation of its creators.
- Identifying malware-related activity in endpoints and networks.
- Autonomously collecting information and analyzing samples from multiple stages of malware.
- Producing and using indicators of malware-related activity.
- Working as a team while identifying and searching for IoCs.
Topics
- Malware Lab Setup;
- Static Properties Analysis;
- Emulators;
- Behavioural Analysis;
- Malware Network Interactions;
- Core Assembly Concepts;
- Static Code Analysis;
- Dynamic Code Analysis;
- IDA;
- Packers;
- Loaders;
- Shellcodes; and
- Dynamic API Resolution.
Target Audience
Cyber security technical staff (CERT, IT departments, etc.) seeking to become familiar with malware analysis and related topics.
NB! Please be aware of the strong technical nature of this course: this is not a course for beginners. The presence of unskilled attendees is likely to hinder the overall progress of the course.
Therefore, the CCDCOE will not accept students with an inappropriate background.
Prerequisites
- Knowledge of Windows internals and how operating systems function;
- Familiarity with a programming language such as C or Python;
- Basic understanding of assembly language;
- Basic knowledge of networking concepts; and
- Understanding of general cybersecurity principles.
Pre-study e-Learning material
- Malware Reverse Engineering Handbook from the CCDCOE website (https://ccdcoe.org/library/publications/)
- Recommended: ADL 348 (Fighting a Botnet Attack: a Case Study) and ADL 349 (Systematic Approaches to the Mitigation of Cyber Threats) on the NATO e-Learning website (JADL – https://jadl.act.nato.int/)
ISACA CPEs
On completing this course, students can earn 35 ISACA CPE hours.
Registration
Please register for the course by visiting the NATO CCDCOE website and completing the provided registration form before the deadline. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact.
An email confirming participation will be sent only after registration has closed.
Seat allocation will only be approved when the payment of the course fee is confirmed.
Should you have any questions, please contact: [email protected]