HackLab: Malware Analysis

In three days from the basics of malware analysis to reverse engineering of the more advanced types of malware

Malware stands for malicious software, scripts or code meant to aid an attacker to hack a system, keep control, steal information or to cause damage. Malware poses a large risk to an organization and having theoretical knowledge on this matter is not enough anymore. Hands-on experience is required on how to discover, analyse and fight malware and is a difficult task without the right knowledge and experience.

16 - 18 September 2019 | The Hague

During this hands-on course experience, participants will gain experience in the analysis of malware, from the initial approach of dissecting to the analysing of advanced malware.

Course objective

This hands-on course enables participants to make their first steps towards malware analysis up to the full reverse engineering of the more advanced types of malware.

We will deal with different methods of malware analysis, such as behavioral, static analysis and reverse engineering. Topics addressed in this course include: the different properties and actions of malware, forensic traces, network traffic, code analysis, obfuscation and encryption. Various malware files, specifically written for this course, will be analyzed prior to analyzing existing malware. A major element of this course is hands-on reverse engineering, giving maximum experience to participants during the three days.

Following this course enables participants to perform their first analysis on encountered malware, correctly estimate the behavior of malware, and understand how it can be countered.

  • Gaining hands-on experience with the analysis of malware
  • Obtaining knowledge on the different types of malware
  • Obtaining knowledge on the different methods of malware analysis
  • Ability to perform a first analysis on encountered malware, correctly estimate the behavior of malware, and understand how it can be countered.


Target group

  • Incident response employees
  • Digital forensic researchers
  • IT system & network administrators
  • IT professionals interested in malware analysis

Participants should have fundamental insight into network protocols, IP network services, and operating systems. Experience with malware is not required, but a solid technical background is desired.


Course outline

Day 1

  • General malware overview and history
  • How victims are infected & Introduction to malware analysis
  • Malware identification, botnets, Malware packers and unpacking
  • Behavioural analysis & Malware debugging

Day 2

  • Recap & Introduction to malware encryption
  • Anti-Virus products and file recovery, Statical analysis, Banking malware
  • Malware scripts analysis & Malware network traffic analysis
  • Exploit analysis & Malware anti-Forensics bypassing

Day 3

  • Recap & Hands-on excercises
  • Hands-on excercises
  • Hands-on excercises
  • Summary

On Day 3, the knowledge gained is further put into practice. In different assignments, including the analysis of advanced malware specimens and Capture The Flag (CTF) exercises, insight will be provided into the inner working of malware analysis and reverse engineering in practice. 


'Technical depth required to complete the exercises/challenges. E.g. assembly and use of debuggers is not a subject that can be easily taught and the way this course is structured provides an effective way to go in depth on these demanding subjects'

'Interesting, well prepared and really good pedagogues'

Date & location

This is three-day course will be held on:

16 - 18 September 2019 
The Hague


The course will be given in English or Dutch, depending on the participants preferred language. The course material is in English.


The costs are € 1,500 ex VAT. Catering (lunch) and course materials are included in the price.

Permanent Education

Deloitte Academy is accredited by the NBA PE institution and has the NRTO label. This course qualifies for 18 PE hours. You can also register your PE-hours at the NOB or VRC.

For more information about our accreditation, we refer you to our Permanent Education page.


Until four weeks before the start of the course you may cancel your participation in writing free of charge, or you may propose to attend on another date. Should you cancel within four weeks before the start of the course you will have to pay the full registration fee. In the event of insufficient participants we reserve the right to cancel the course at any time or move the date of the event. If so, you will be informed in due time.


Joost Kremers

Joost Kremers


At Deloitte The Netherlands I work within the Cyber Security team, which is part of Cyber Risk Services. My expertise lies in the field of Payment Security and Key Management, which means that I assis... Meer