Course overview
Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level-up their work on cybersecurity incidents and become unique experts.
The main focus of the course is advanced static analysis, because for cybersecurity incidents involving previously unseen malicious code this is the most reliable way to determine the functionality of the code and find actionable artefacts. It allows organizations affected by APTs to perform adequate damage assessment and incident response.
The course also heavily features our exclusive know-how on automating the decryption, decoding and other processing of samples, which not only optimizes routine tasks but also preserves your work as code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient over decades of Kaspersky APT research.
Igor Kuznetsov, the course author, has participated in Kaspersky research on the most notorious APT campaigns. He has cherry-picked exercises from his own work to cover generic approaches to analysis in IDA Pro, using all its important features, and also to demonstrate unique cornerstone cases that require special treatment, which will supercharge your skills for the future.
Welcome to the elite club of malware researchers!
100% practical and real-life
Participants ‘learn by doing’ using the hands-on virtual lab to practice on malware samples used in the wild by powerful APT actors.
Advance your static malware analysis
Strengthen your skills with advanced static analysis techniques and get to know decryption frameworks that automate your tasks and make your reversing skills unique!
Learn with the best
Igor Kuznetsov is a Chief Security Researcher at Kaspersky. He participated in Kaspersky research on the most notorious APT campaigns and he’s packed the course full of his expertise and exclusive techniques.
Training objectives:
By the end of this training you will be better able to:
Key topic areas:
InfoSec professionals
The course is intended for established reverse engineers, incident responders and digital forensics practitioners seeking to level up their work with cybersecurity incidents.
Enterprises
After completing this training your cybersecurity or SOC team will be able to implement full dynamic and static analysis of malware efficiently, automate routine tasks and find detailed actionable items for protection of your organization & incident response.
Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills will also benefit from this course: their personnel will level up and will be able to create more effective cybersecurity products and malware analysis services for clients.
Guided video lectures
Learn from Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team.
Hands-on virtual lab
Practice in our fully configured virtual lab on real targeted malware cases like Lazarus, Sofacy, Regin, Equation, RedOctober, Miniduke and Carbanak.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
Introduction to the IDA workflow and shellcode analysis. Main features of IDA required for reverse engineering: code, functions, structures, structure offsets. Reconstructing Metasploit’s API hashing algorithm.
Practicing shellcode analysis: extracting the C&C from the Metasploit shell, code and data flow analysis, manual reconstruction of a structure, stack layout.
Unpacking a real-life sample found at a bank and analyzing the shellcode. Proceeding through all the layers of an msfvenom-wrapped Metasploit shellcode to extract the network IOC.
Introduction into static decryption, decrypting files using a static analysis framework. Practice on the Bangladesh CB heist case (Lazarus).
Introduction to the decryption of malicious Windows PE files (a Regin driver). Dealing with malicious samples with blocks of encrypted data and RVA/RAW offsets.
Static analysis of a Sofacy OSX sample. Dealing with separate strings decrypted with a dedicated function. Reconstructing the decryption routine.
Full-scale reverse engineering of a single PE file (a driver from Equation). Using knowledge from tracks 1-6 to preprocess all encrypted data and then walk through all the code, reconstructing the business logic of the driver in IDA.
DIY disassembly and API hashing. Creating your own tiny disassembler to extract the API hashes from hand-written assembly code and then reconstructing an API hashing algorithm to revert all the hashes to API names. Using IDC files to transfer results to IDA.
Introduction to document-based exploit payloads: analysis of a malicious RTF example (RedOctober dropper) where you need to locate the exploit code, unpack several layers till you get to the final payload. Generic approach to dealing with weaponized RTF documents and embedded shellcode.
Exploit analysis of a malicious Word document (Office Equation exploit). Generic approach to analyzing OLE2 objects.
Practice: analysis of a weaponized OLE2 file embedded in an RTF container (CloudAtlas). Extracting several layers till the final payload.
Static analysis of a ROP chain from a PDF document (from Miniduke). Generic mechanics of a ROP chain, reconstructing the business logic from code snippets.
Introduction to bytecode-compiled Python samples. Practice using a decompiler to extract the source code.
Generic approach to dynamic decryption/unpacking. Extracting the payloads from Cridex samples using the debugger.
Decompiling and analyzing .NET bytecode. Dynamic extraction of the payload.
Introduction to Golang binaries. Static analysis, built-in structures, strings. Extracting and decrypting string constants.
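The API hashing named in the Metasploit shellcode and DIY disassembly modules above, as an added example that is not part of the course or Kaspersky's framework: it reimplements the publicly documented Metasploit block_api ROR13 hash, scans a byte string for push imm32 constants, maps them back to module!function names by hashing a list of export names, and emits IDC set_cmt lines to carry the result into IDA. The code bytes, the export list and the unresolvable value 0x12345678 are constructed for the demo.

```python
import struct

MASK = 0xFFFFFFFF

def ror13(value):
    # 32-bit rotate right by 13, as in Metasploit's block_api
    return ((value >> 13) | (value << 19)) & MASK

def ror13_hash(data):
    # h = ror13(h) + byte over every byte, NUL terminator included
    h = 0
    for b in data:
        h = (ror13(h) + b) & MASK
    return h

def api_hash(module, function):
    # Public Metasploit scheme: hash of the upper-cased module name as
    # UTF-16LE (with NUL) plus hash of the ASCII function name (with NUL)
    mod_h = ror13_hash((module.upper() + "\x00").encode("utf-16-le"))
    fn_h = ror13_hash((function + "\x00").encode("ascii"))
    return (mod_h + fn_h) & MASK

def build_lookup(exports):
    # exports: {module: [function, ...]} -> {hash: "module!function"}
    return {api_hash(m, f): f"{m}!{f}" for m, fns in exports.items() for f in fns}

def extract_push_imm32(code):
    # Naive linear scan for 'push imm32' (opcode 0x68); a real pass would
    # follow a disassembler's instruction boundaries to avoid false hits
    return [(i, struct.unpack_from("<I", code, i + 1)[0])
            for i in range(len(code) - 4) if code[i] == 0x68]

def resolve(code, exports):
    # -> [(offset, hash, "module!function" or None when not in the list)]
    lookup = build_lookup(exports)
    return [(off, h, lookup.get(h)) for off, h in extract_push_imm32(code)]

def to_idc(resolved, base=0):
    # IDC lines that comment each push site in IDA; unresolved hashes are
    # flagged so the candidate export list can be extended
    lines = []
    for off, h, name in resolved:
        cmt = name or f"UNRESOLVED ror13 hash {h:#010x}"
        lines.append(f'set_cmt({base + off:#x}, "{cmt}", 0);')
    return "\n".join(lines)

# Constructed bytes: push 0x0726774C / call ebp, push 0x12345678 / call ebp
CODE = b"\x68\x4c\x77\x26\x07\xff\xd5\x68\x78\x56\x34\x12\xff\xd5"
EXPORTS = {"kernel32.dll": ["LoadLibraryA", "ExitProcess", "VirtualAlloc"],
           "ws2_32.dll": ["WSAStartup", "connect", "recv"]}  # constructed list
```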
What you will reverse:
How you will reverse:
While samples cannot be downloaded, you can download the static analysis framework, the scripts from the exercises and the training materials.
| Item | Details |
| --- | --- |
| Access | 6 months to complete your course from activation of your access code |
| Language | Courses delivered in English with subtitles |
| Pace | Self-guided learning that fits around your life |
| Browser-based access to virtual lab | 100 hours of virtual lab time for hands-on learning |
| Downloads | Static analysis framework, scripts from exercises and training materials are available for download |
| Learning environment | Browser-based via desktop, mobile & tablet |
| Course author | Igor Kuznetsov, Chief Security Researcher at Kaspersky GReAT |
| Guided videos | About 60 videos to guide you through the course |
| Platform support | Platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com |
| Special offer | If you’re already an xTraining learner then contact us at help.kaspersky.com for a special discount |
| Certificate of completion | PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) |
$2,700 inc. tax per learner