We are committed to providing a safe learning environment in close cooperation with the location(s). All of our services are carried out in accordance with the applicable measures as determined by RIVM. For on-site training the number of participants per training is limited, taking into account the capacity of the rooms so that keeping sufficient distance (minimum of 1.5 meters) is guaranteed. Participants of the training are requested to adhere to the prescribed hygiene measures at site. Also, we request you to stay home if you have a cold and/or when members of your household have a fever.
In this training we will cover the following basics:
- What is malware?
- How do victims get infected?
- How do we start our malware analysis?
- How do we modify malware by modifying assembly?
- What does malware actually do on our system?
- What techniques do malware creators use to not be analyzed and how to circumvent these?
- What can we see on the network layer?
- How do we analyze exploits and scripts?
This is a hands-on course. This means that the participants will receive a small portion of content after which they are immediately going to apply this knowledge in a demonstration environment. These challenges start easy and end with a full analysis of WannaCry on day three. To support people that are already familiar with (part of) the topic, we have various additional (difficult) challenges to distribute.
- Incident response employees
- Digital forensic researchers
- IT system & network administrators
- IT professionals interested in malware analysis
The training agenda is structured as followed:
- General malware overview and history
- How victims are infected
- Introduction to malware analysis
- Malware identification
- Track 1: readable text strings
- Track 2: packers, crypters and protectors
- Track 3: Jumps (assembly)
- Track 4: XOR (Exclusive OR)
- Track 5: Malware Behavior
- Track 6: API calls (assembly)
- Banking malware
- Track 7: Anti-forensics & circumvention
- Track 8: Network analysis
- Track 9: Fake internet
- Track 10: Quarantine files
- Track 11: Exploit analysis
- Track 12: WannaCry!
- Track 13: Various other challenges
Prerequisites for the course are as followed:
- Participants should understand the basics of computers, VMs and network.
- Participants should have a laptop with VMWare Workstation that supports Snapshots. We will distribute a Virtual Machine, which has to be removed after the training due to copyright. We will provide a binder containing training material.
- If you have extensive experience with the topics mentioned above, this training most likely is not suitable for you. It is a basic introduction to malware analysis
13 - 15 December 2021 | Classroom
9 - 11 May 2022 | Classroom
The course starts at 9.00 and ends at 17.00.
Deloitte Academy is a training institute accredited by several organizations.
For more information about our accreditation, please refer to our Education hours page.
Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.
Deloitte Academy reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.
For more information about our Terms and Conditions, please refer to our FAQ page.
If you have any questions, please contact us:
Phone number: 088-288 93 33
Rolf is a manager in the Deloitte Netherlands Cyber Risk Advisory team. Rolf has completed several projects and helped (international) clients on IT security related challenges. The last few years Rolf has worked on areas such as payment security, cryptography, ICS/SCADA & IoT, performing risk analysis and project management. With a strong technical background Rolf likes to combine the technical content with the business side. Rolf likes to oversee and coordinate the whole picture and strives towards effective solutions, both from a security and usability perspective. This all combined with transferring knowledge, such as facilitating trainings and giving presentations.