Course Description

This 5-day advanced technical course develops participants' skills in reverse engineering malware to understand its behavior, functionality, and impact. Aligned with the SANS FOR610 course framework, participants will learn static and dynamic malware analysis techniques, reverse engineering tools, and practical methodologies for analyzing malicious code. The course provides hands-on experience with real-world malware samples in controlled environments.

Course Objectives

Upon the successful completion of this course, each participant will be able to:

  • Understand malware types, behaviors, and analysis methodologies
  • Apply static analysis techniques to examine malware without execution
  • Conduct dynamic analysis in safe, isolated environments
  • Use reverse engineering tools (debuggers, disassemblers, and analysis platforms)
  • Analyze malicious code and document findings
  • Develop malware analysis reports for incident response and threat intelligence

Who Should Attend?

This course is designed for malware analysts, incident responders, security researchers, digital forensics professionals, and advanced cybersecurity professionals involved in threat analysis and response.

Course Agenda

Registration

Welcome & Introduction

Pre-Test

Day 1 – Malware Analysis Fundamentals

  • Introduction to malware types and families
  • Malware analysis methodologies: static, dynamic, and hybrid
  • Setting up safe malware analysis environments
  • Basic static analysis: file properties, strings, and signatures
  • Malware indicators of compromise (IOCs)
  • Ethics and legal considerations in malware analysis

Day 2 – Advanced Static Analysis

  • Portable Executable (PE) file format analysis
  • Disassemblers: IDA Pro and Ghidra fundamentals
  • Assembly language review for malware analysis
  • Identifying malware capabilities through static analysis
  • Obfuscation and packing techniques
  • Unpacking and deobfuscation methods

Day 3 – Dynamic Malware Analysis

  • Dynamic analysis methodology and tools
  • Monitoring malware behavior: system calls, registry, file system, and network
  • Using sandboxes and automated analysis tools
  • Debuggers: x64dbg and WinDbg fundamentals
  • API monitoring and behavior analysis
  • Evading anti-analysis and anti-debugging techniques

Day 4 – Advanced Reverse Engineering

  • Advanced debugging techniques
  • Code flow analysis and control flow graphs
  • Malware communication protocols and C2 analysis
  • Cryptographic functions in malware
  • Rootkits and kernel-mode malware analysis

Day 5 – Practical Analysis & Reporting

  • Comprehensive malware analysis workflow
  • Documenting findings and creating analysis reports
  • Malware classification and family attribution
  • Integrating malware analysis into incident response
  • Threat intelligence and IOC sharing

Post Test

End of the Course

Assessment Methodology

All courses conducted by EdTech begin with a pre-evaluation and end with a post-evaluation. The instructor evaluates participants' knowledge and skills against these results and the feedback participants provide. This helps to measure the benefits of the course and the level of knowledge participants gained from it.

Training Methodology

Facilitated by a highly qualified specialist with extensive knowledge and experience, this program is conducted using highly interactive methods. Participants are encouraged to share their own experiences and to apply the program material to real-life work situations, which stimulates group discussion and improves the efficiency of the subject coverage.

Percentages of the total course hour classification are:

  • 40% Theoretical lectures, Concepts and approach
  • 20% Motivation to develop individual skill and Techniques
  • 20% Case Studies and Practical Exercises
  • 20% Topic General Discussions and interaction

Course Manual

Participants will be provided with comprehensive presentation material as a reference manual. This material is a compilation of core information, references, presentation methods, and recommended reading, and forms part of the course material guide.

Course Certificate

At the completion of the course, all participants who successfully accomplished the required contact hours will receive an EdTech Training Participation Certificate as a testimony to their commitment to professional development and further education.

Why EdTech?

  • Industry-experienced, internationally qualified trainers
  • Hands-on Practical Sessions & Assignments
  • Intensive Study materials
  • Flexible Schedules
  • Realistic training methodology
  • High-quality training at affordable course fees
  • Achievement Certificate, as approved by the Ministry of Education (Abu Dhabi Center for Technical and Vocational Education Training - ACTVET), HABC, AWS, IAOSHE, SHRM, etc.