HackLab: Malware Analysis

In three days from the basics of malware analysis to reverse engineering of the more advanced types of malware

Event languages: Dutch , English

Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Malware poses a large risk to an organization and having theoretical knowledge on this matter is not enough anymore. Hands-on experience is required on how to discover, analyse and fight malware and is a difficult task without the right knowledge and experience.

Interested? Send us an email

Course Objectives 

In this training we will cover the following basics:

  • What is malware?
  • How do victims get infected?
  • How do we start our malware analysis?
  • How do we modify malware by modifying assembly?
  • What does malware actually do on our system?
  • What techniques do malware creators use to not be analyzed and how to circumvent these?
  • What can we see on the network layer?
  • How do we analyze exploits and scripts?

This is a hands-on course. This means that the participants will receive a small portion of content after which they are immediately going to apply this knowledge in a demonstration environment. These challenges start easy and end with a full analysis of WannaCry on day three. To support people that are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.

Target Group

  • Incident response employees
  • Digital forensic researchers
  • IT system & network administrators
  • IT professionals interested in malware analysis


The training agenda is structured as followed:

Day 1

  • General malware overview and history
  • How victims are infected
  • Introduction to malware analysis
  • Malware identification
  • Track 1: readable text strings
  • Track 2: packers, crypters and protectors
  • Track 3: Jumps (assembly)
  • Track 4: XOR (Exclusive OR)
  • Track 5: Malware Behavior

Day 2

  • Track 6: API calls (assembly)
  • Banking malware
  • Track 7: Anti-forensics & circumvention
  • Track 8: Network analysis
  • Track 9: Fake internet
  • Track 10: Quarantine files
  • Track 11: Exploit analysis

Day 3

  • Track 12: WannaCry!
  • Track 13: Various other challenges


Extra information

Prerequisites for the course are as followed:

  • Participants should understand the basics of computers, VMs and network.
  • Participants should have a laptop with VMWare Workstation that supports Snapshots. We will distribute a Virtual Machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
  • If you have extensive experience with the topics mentioned above, this training most likely is not suitable for you. It is a basic introduction to malware analysis


Contact Linda Otte for new dates
The costs are € 1500 ex VAT. Catering (lunch) and course materials are included in the price.

Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

Deloitte reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.

For more information about our Terms and Conditions, please refer to our FAQ page.

If you have any questions, please contact Linda Otte.


Linda Otte

Linda Otte

Risk Advisory

Ik ben verantwoordelijk voor Learning in het Cyber Risk team. In deze rol ben ik verantwoordelijk om de ultieme learning expercience te creëren voor onze interne professionals. Daarnaast ben ik verantwoordelijk voor de Cyber trainingen die wij aan onze klanten of potentiële klaten aanbieden. Naast learning & development is het coachen van mensen mijn tweede passie. Ik ben dan ook een gecertificeerd coach op het gebied van work/life balance & career coaching.

Share Share event on social
Interested? Send us an email