Training Practical Malware Analysis: Rapid Introduction

From BruCON 2014

Practical Malware Analysis: Rapid Introduction by Michael Sikorski

Course Description

Get a rapid introduction to Malware Analysis and Reverse Engineering from the guy who wrote the book. This crash course will train students on how to triage and analyze malicious software. Students will get hands-on experience in the art of dissecting malicious code and gain necessary skills in order to perform analysis in the field.

Students will learn how to:

  • Get hands-on experience analyzing backdoors, downloaders, keyloggers and spyware
  • Use key analysis tools like IDA Pro and OllyDbg
  • Analyze stealthy malware that hides its execution
  • Develop a methodology for unpacking malware and deal with the most popular packers
  • Quickly extract network signatures and host-based indicators to locate and defeat malicious software
  • Apply newfound knowledge of Windows Internals for malware analysis
  • Set up a safe virtual environment to analyze malware in a lab environment

Course Contents

Day 1

  • Malware Analysis overview
  • Setting up a safe environment
  • Basic static and dynamic techniques
  • Quickly obtaining signatures and indicators
  • A crash course in x86 Disassembly

Day 2

  • Using IDA Pro for reversing malware
  • Analyzing malicious Windows programs
  • Debugging malware

Day 3

  • Covert Malware Launching
  • Packers and Unpacking
  • Additional Special Topic as decided by the class

Prerequisites

  • Eagerness to learn by getting hands-on
  • Knowledge of operating systems and computer architectures
  • Basic computer programming skills with any language
  • Windows Internals knowledge is helpful but not required

Hardware and Software

VMware Workstation or Fusion installed. VMware Player is acceptable for this class, but generally not recommended. Roughly 30GB of free hard drive space is needed for the tools and the VMware image.

Trainer Biography

Michael Sikorski is a well-known expert in malware analysis. He is a Technical Director at Mandiant, a FireEye Company. He leads the Malware Analysis Team, reverse engineering malware as a primary analyst and managing the overall workflow and process used by the team. Mike created a series of courses in malware analysis and teaches them to a variety of audiences including the FBI, NSA, private companies, and Black Hat.

He is co-author of the book “Practical Malware Analysis,” which is published by No Starch Press. Mike came to Mandiant from the Massachusetts Institute of Technology’s (MIT) Lincoln Laboratory. He is also a graduate of the National Security Agency's three-year Systems and Network Interdisciplinary Program (SNIP).

Mon. 22 - Wed. 24 September 2014 (09:00 - 17:00)
