HackLab: Malware Analysis

In three days from the basics of malware analysis to reverse engineering of the more advanced types of malware

Amsterdam, Noord Holland
Event languages: Dutch, English

Malware stands for malicious software, scripts or code meant to help an attacker hack a system, keep control, steal information or cause damage. Malware poses a large risk to an organization, and theoretical knowledge of the subject is no longer enough. Discovering, analysing and fighting malware requires hands-on experience, and it is a difficult task without the right knowledge and experience.

13 Dec.

Measures COVID-19

We are committed to providing a safe learning environment in close cooperation with the location(s). All of our services are carried out in accordance with the applicable measures as determined by RIVM. For on-site training the number of participants per training is limited, taking into account the capacity of the rooms so that keeping sufficient distance (minimum of 1.5 meters) is guaranteed. Participants of the training are requested to adhere to the prescribed hygiene measures on site. We also request that you stay home if you have a cold and/or when members of your household have a fever.

Course Objectives 

In this training we will cover the following basics:

  • What is malware?
  • How do victims get infected?
  • How do we start our malware analysis?
  • How do we modify malware by modifying assembly?
  • What does malware actually do on our system?
  • What techniques do malware creators use to avoid being analyzed, and how do we circumvent these?
  • What can we see on the network layer?
  • How do we analyze exploits and scripts?

This is a hands-on course. Participants receive a small portion of content and then immediately apply this knowledge in a demonstration environment. These challenges start easy and end with a full analysis of WannaCry on day three. To support people who are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.

Target Group

  • Incident response employees
  • Digital forensic researchers
  • IT system & network administrators
  • IT professionals interested in malware analysis


The training agenda is structured as follows:

Day 1

  • General malware overview and history
  • How victims are infected
  • Introduction to malware analysis
  • Malware identification
  • Track 1: readable text strings
  • Track 2: packers, crypters and protectors
  • Track 3: Jumps (assembly)
  • Track 4: XOR (Exclusive OR)
  • Track 5: Malware Behavior

Day 2

  • Track 6: API calls (assembly)
  • Banking malware
  • Track 7: Anti-forensics & circumvention
  • Track 8: Network analysis
  • Track 9: Fake internet
  • Track 10: Quarantine files
  • Track 11: Exploit analysis

Day 3

  • Track 12: WannaCry!
  • Track 13: Various other challenges


Extra information

Prerequisites for the course are as follows:

  • Participants should understand the basics of computers, VMs and networks.
  • Participants should have a laptop with VMware Workstation that supports snapshots. We will distribute a virtual machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
  • If you have extensive experience with the topics mentioned above, this training is most likely not suitable for you. It is a basic introduction to malware analysis.


13 - 15 December 2021 | Classroom | Deloitte Amsterdam
9 - 11 May 2022 | Classroom | Deloitte Amsterdam

The course starts at 9:00 and ends at 17:00.

Attention: This course is currently being offered in a physical environment and is not accessible online.

The cost is € 1500 excl. VAT. Catering (lunch) and course materials are included in the price.

Deloitte Academy is a training institute accredited by several organizations.

For more information about our accreditation, please refer to our Education hours page.

Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

Deloitte Academy reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.

For more information about our Terms and Conditions, please refer to our FAQ page.

If you have any questions, please contact us: 

Phone number: 088-288 93 33

'Researching a large amount of different sources every day, I feel like the application of the four CTI principles and the discussed validation techniques will help to improve the quality of my work significantly'


Rolf Pielage


Rolf is a manager in the Deloitte Netherlands Cyber Risk Advisory team. Rolf has completed several projects and helped (international) clients with IT security related challenges. In the last few years Rolf has worked on areas such as payment security, cryptography, ICS/SCADA & IoT, performing risk analysis and project management. With a strong technical background, Rolf likes to combine the technical content with the business side. Rolf likes to oversee and coordinate the whole picture and strives towards effective solutions, both from a security and usability perspective. He combines all of this with transferring knowledge, such as facilitating trainings and giving presentations.

Monday, 13 Dec 2021, Noord Holland