In this training we will cover the following basics:
- What is malware?
- How do victims get infected?
- How do we start our malware analysis?
- How do we modify malware by modifying assembly?
- What does malware actually do on our system?
- What techniques do malware creators use to avoid being analyzed, and how can these be circumvented?
- What can we see on the network layer?
- How do we analyze exploits and scripts?
This is a hands-on course: participants receive a small portion of content and then immediately apply this knowledge in a demonstration environment. The challenges start easy and end with a full analysis of WannaCry on day three. To support participants who are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.
- Incident response employees
- Digital forensic researchers
- IT system & network administrators
- IT professionals interested in malware analysis
The training agenda is structured as follows:
- General malware overview and history
- How victims are infected
- Introduction to malware analysis
- Malware identification
- Track 1: readable text strings
- Track 2: packers, crypters and protectors
- Track 3: Jumps (assembly)
- Track 4: XOR (Exclusive OR)
- Track 5: Malware Behavior
- Track 6: API calls (assembly)
- Banking malware
- Track 7: Anti-forensics & circumvention
- Track 8: Network analysis
- Track 9: Fake internet
- Track 10: Quarantine files
- Track 11: Exploit analysis
- Track 12: WannaCry!
- Track 13: Various other challenges
Prerequisites for the course are as follows:
- Participants should understand the basics of computers, VMs and networks.
- Participants should have a laptop with VMware Workstation that supports snapshots. We will distribute a virtual machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
- If you have extensive experience with the topics mentioned above, this training is most likely not suitable for you. It is a basic introduction to malware analysis.
Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.
Deloitte reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.
For more information about our Terms and Conditions, please refer to our FAQ page.
We provide a safe learning environment in close collaboration with the locations. We carry out our services in accordance with the applicable advice and measures as determined by the RIVM. The number of participants per training remains limited, taking into account the capacity of the rooms, so that keeping a safe distance is guaranteed. Participants in the training are requested to observe the prescribed hygiene measures and to stay at home if they have a cold or if they have household members with a fever.
For further information, please refer to the CoronaCheck website of the central government.
Do you have any symptoms? Please contact us and have yourself tested. Via Deloitte we can provide a voucher with which you can have an antigen test (a rapid test) taken at 70 locations in the Netherlands, free of charge.
Rolf is a manager in the Deloitte Netherlands Cyber Risk Advisory team. Rolf has completed several projects and helped (international) clients with IT-security-related challenges. Over the last few years Rolf has worked in areas such as payment security, cryptography, ICS/SCADA & IoT, performing risk analysis and project management. With a strong technical background, Rolf likes to combine the technical content with the business side. Rolf likes to oversee and coordinate the whole picture and strives towards effective solutions, both from a security and a usability perspective. All of this is combined with transferring knowledge, such as facilitating trainings and giving presentations.