Every computer incident involves a Trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to cure current infections and prevent future ones.
During malware analysis, the analyst must determine how the malware operates, what functionality is built in, and which attacker-controlled domains or Internet Protocol (IP) addresses it communicates with. Failing to understand the malware's functionality threatens all remediation efforts. This course provides a quick introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems, using a practical, hands-on approach. Students will learn how to extract host- and network-based indicators from a malicious program using dynamic and static analysis techniques. Candidates will also learn the basics of how to determine the functionality of a program by analyzing its disassembly and by watching how it modifies a system as it runs in a debugger.