Participants ‘learn by doing’, using the hands-on virtual lab to work on fresh targeted malware samples used in the wild by powerful APT actors.
Contact us
Ask a question?
If you want to know anything about the course, we’re here to help.
Targeted Malware Reverse Engineering
Course overview
Skilled reverse engineers aren’t born - they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more confidence in applying your skills, you can bridge the gap by working hands-on with real-life cases.
With this challenge in mind, our intermediate-level course is built around analysis of 10 targeted malware cases used in the wild by powerful APT actors recently. Cases including MontysThree, LuckyMouse & Lazarus have been researched personally by our trainers as part of their work in the Kaspersky GReAT team – so you will get first-hand knowledge and best practices from their exclusive research.
By working in the dedicated virtual lab, using an array of tools like IDA Pro, Hex-Rays decompiler, Hiew, 010Editor and many others, you will gain practical experience analyzing real-life targeted malware and will become a more efficient malware analyst and reverse engineer and prove your skills are relevant to today’s threat landscape.
100% practical
Master IDA Pro and other advanced tools
Get to know the advanced features of tools like IDA Pro and develop up to date knowledge through recent APT cases.
Learn with the best
Kaspersky experts have poured more than 10 years of reverse engineering experience and their exclusive research into the course.
Training objectives
- Analyze real-life malware used in the wild by APT groups.
- Reverse-engineer malicious documents and exploits.
- Approach reverse engineering programs written in a number of programming or scripting languages (C, .NET, Delphi, Powershell, JavaScript, C++) and compiled for different architectures (x86, x64) with different compilers or operating systems (Windows, Linux).
- Master advanced features of reverse-engineering tools including IDA Pro’s scripting capabilities.
- Understand steganography in greater detail.
- Handle obfuscated or encrypted content in malicious software.
- Become more familiar with assembly.
- Understand the roundabout ways attackers launch their programs.
- Analyze shellcodes.
“The online format of Kaspersky's training helps more engineers upgrade their reversing skills and become confident users of our software disassembly product, IDA Pro.”
“The Targeted Malware Reverse Engineering course taught me valuable skills. The tips & tricks drastically improved my reversing capabilities and contributed to a solid malware-analysis base. With the variety of samples and techniques covered, I do feel prepared for future malware.”
“The Kaspersky course on Targeted Malware Reverse Engineering has significantly enhanced the capabilities of cybercrime police investigators. The expertise shared on the course by the company’s leading experts is extremely practical and unique, and has allowed our officers to get a deeper knowledge of malware analysis. We value our partnership with Kaspersky who have once again delivered a curriculum which features an unparalleled hands-on approach to learning.”
“This course is very good! Better than many other I have attended. You are onboarded alongside members of the GReAT to analyze samples in Delphi, PowerShell, Golang, .Net, C++ and shellcodes as well. Lot of useful tips and tricks are shared and the remote analysis VM is an invaluable plus, no more wasted time of configuration, you just need an Internet connection! Great value for money.”
Your course leaders
Denis Legezo,
Senior Security Researcher
Denis Legezo is a GCFA certified Senior Security Researcher. He specializes in targeted attacks research, static reverse engineering.
Denis regularly provides training on these subjects and has presented his targeted malware research at SAS, RSA Conference, VirusBulletin, HITB.
Ivan Kwiatkowski,
Senior Security Researcher
Ivan Kwiatkowski is an OSCP and OSCE-certified penetration tester and malware analyst who has been working as a Senior Security Researcher in the Global Research & Analysis Team at Kaspersky since 2018.
He maintains an open-source dissection tool for Windows executables and his research has been presented during several cybersecurity conferences. He operates an exit node of the Tor network and also delivers Kaspersky’s reverse-engineering training in Europe.
Who it's for
InfoSec professionals
The course is intended for security researchers and incident response personnel or students, malware analysts, security engineers, network security analysts, APT hunters and IT security staff working in SOCs who are seeking to expand their skills in reverse-engineering.
Enterprises
Whether you’re looking to up-skill your current cybersecurity or SOC team or create a new in-house unit, this course will considerably improve your organisation’s defences against targeted malware.
Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills to be able to offer malware analysis services to their clients will also benefit from this course.
How you'll learn
Video lectures featuring Kaspersky researchers
Learn from Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers and members of Kaspersky’s revered Global Research and Analysis Team.
Hands-on virtual lab
Learn how to use tools like IDA Pro through real targeted malware cases like Lazarus, LuckyMouse and MontysThree in our fully configured virtual lab.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
Syllabus
Introduction and Chafer
Meet your trainers and get to know the course in more depth. Then go in to the Chafer APT to learn more about encryption algorithms (Windows CryptoAPI) and how enumerators and debug data help to understand the code.
LuckyMouse
Combination of static and dynamic analysis: how to use disassembler and debugger in parallel & how to dump decrypted data from memory.
Biodata Exploit
Exploited documents analysis. The tricks in position independent code. Get to know the exploit stages: egg-hunting, decryption, dynamic functions' address resolution.
Topinambour
Meet interpreted code and understand how it differs from compiled code. Static and dynamic script deobfuscation.
Biodata Trojan
Using IDA Pro’s scripting abilities to automate string decryption.
DeathStalker
How LNK-based infection chains work and how to deobfuscate PowerShell scripts.
MontysThree
Reversing steganography algorithms, importing the custom structure descriptions, exporting embedded encryption keys and scratching the surface of C++.
Lazarus Group
Reverse-engineering x64 malware and reconstructing a custom network protocol from a malware sample.
Cloud Snooper
Reverse-engineering Linux programs including backdoors and rootkits.
Cycldek’s Triad
Reverse-engineering Linux programs including backdoors and rootkits.
Benefits for you
 |
6 months to complete your course from activation of your access code |  |
 |
Courses delivered in English with subtitles | |
 |
Self-guided learning that fits around your life | |
 |
100 hours of virtual lab time for hands-on learning | |
 |
PDF downloads of training materials & tips | |
 |
Browser-based via desktop, mobile & tablet | |
 |
Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers at Kaspersky GReAT | |
 |
Over 50 videos to guide you through the course | |
 |
Platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com. | |
 |
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) | |
$1,400 inc. tax per learner