This entry-level course in malware analysis provides foundational knowledge in malware history, safe malware sample handling, analysis methodologies and techniques, sandboxing, triage, and countermeasures.This course employs open-source tools in hands-on labs to analyze samples including packed executables, cross-platform, Office, PDF and more.

This course is part of the Trellix Cyber Operations team’s Foundations in Incident Response Education (FIRE) track of general defensive security training. Learners are provided a blend of lecture, discussions, and hands-on labs.

• Define key malware types and terms in analysis
• Describe the “4 Stages” methodology for analysis
• Apply safe handling guidelines
• Explain triage techniques and tools
• Identify key indicators of “maliciousness” in malware samples
• List at least two defensive techniques used by malware
• Describe the history of malware
• Map malware techniques to MITRE ATT&CK

• Course Introduction
• Malware Overview
• Malware Lab Construction
• Analysis Techniques
• Network Analysis
• Delivery Vectors
• Executables
• Defensive Techniques of Malware
• Modern OS Defenses

This course is intended for incident responders, information security staff, auditors, SOC analysts, investigators, and consultants responsible for digital forensics and incident response or malware analysis.

Students taking this course should have a working knowledge of Windows/Linux/macOS operating systems, and network technologies.

Basic understanding of information security, command line syntax, malware, and analytical thinking recommended.