HackLab: Malware Analysis

In three days from the basics of malware analysis to reverse engineering of the more advanced types of malware

Event languages: Dutch , English

Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Malware poses a large risk to an organization and having theoretical knowledge on this matter is not enough anymore. Hands-on experience is required on how to discover, analyse and fight malware and is a difficult task without the right knowledge and experience.

Interested? Send us an email

Course Objectives 

In this training we will cover the following basics:

  • What is malware?
  • How do victims get infected?
  • How do we start our malware analysis?
  • How do we modify malware by modifying assembly?
  • What does malware actually do on our system?
  • What techniques do malware creators use to not be analyzed and how to circumvent these?
  • What can we see on the network layer?
  • How do we analyze exploits and scripts?

This is a hands-on course. This means that the participants will receive a small portion of content after which they are immediately going to apply this knowledge in a demonstration environment. These challenges start easy and end with a full analysis of WannaCry on day three. To support people that are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.

Target Group

  • Incident response employees
  • Digital forensic researchers
  • IT system & network administrators
  • IT professionals interested in malware analysis


The training agenda is structured as followed:

Day 1

  • General malware overview and history
  • How victims are infected
  • Introduction to malware analysis
  • Malware identification
  • Track 1: readable text strings
  • Track 2: packers, crypters and protectors
  • Track 3: Jumps (assembly)
  • Track 4: XOR (Exclusive OR)
  • Track 5: Malware Behavior

Day 2

  • Track 6: API calls (assembly)
  • Banking malware
  • Track 7: Anti-forensics & circumvention
  • Track 8: Network analysis
  • Track 9: Fake internet
  • Track 10: Quarantine files
  • Track 11: Exploit analysis

Day 3

  • Track 12: WannaCry!
  • Track 13: Various other challenges


Extra information

Prerequisites for the course are as followed:

  • Participants should understand the basics of computers, VMs and network.
  • Participants should have a laptop with VMWare Workstation that supports Snapshots. We will distribute a Virtual Machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
  • If you have extensive experience with the topics mentioned above, this training most likely is not suitable for you. It is a basic introduction to malware analysis


Contact Linda Otte for new dates
The costs are € 1500 ex VAT. Catering (lunch) and course materials are included in the price.

Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

Deloitte reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.

For more information about our Terms and Conditions, please refer to our FAQ page.

We provide a safe learning environment in close collaboration with the locations. We carry out our services in accordance with the applicable advice and measures as determined by the RIVM. The number of participants per training remains limited, taking into account the capacity of the rooms so that keeping a safe distance is guaranteed. Participants in the training are requested to observe the prescribed hygiene measures and to stay at home if you have a cold or if you have inmates with a fever.

For further information, please refer to the CoronaCheck website of the central government.

Do you have any complaints? Please contact us and have yourself tested. Via Deloitte we can provide a voucher with which you can have an antigen test (a rapid test) taken at 70 locations in the Netherlands, free of charge.

If you have any questions, please contact Linda Otte.


Rolf Pielage

Rolf Pielage


Rolf is a manager in the Deloitte Netherlands Cyber Risk Advisory team. Rolf has completed several projects and helped (international) clients on IT security related challenges. The last few years Rolf has worked on areas such as payment security, cryptography, ICS/SCADA & IoT, performing risk analysis and project management. With a strong technical background Rolf likes to combine the technical content with the business side. Rolf likes to oversee and coordinate the whole picture and strives towards effective solutions, both from a security and usability perspective. This all combined with transferring knowledge, such as facilitating trainings and giving presentations.

Share Share event on social
Interested? Send us an email