In this malware analysis and reverse engineering course, you will dissect different malware types and variants, understand the adversarial mindset behind them, and learn the TTPs they use.
Overview
Syllabus
Module 1: Foundations & Lab Setup
Before diving into samples, you’ll build a safe playground. This opening module first clarifies what malware analysis is and how analysts balance static and dynamic techniques. Then you set up the tooling and the network perimeter you’ll rely on for the rest of the course: a Windows guest provisioned with Flare-VM, with INetSim simulating the internet services a sample expects to reach so that nothing real is contacted. By the end, you have a throw-away, isolated environment in which malicious binaries can run freely while their every move is recorded: the springboard for all future labs.
Module 2: From Source to Assembly: Building & Peeking Inside C Programs
Malware rarely ships with source code, yet knowing what typical C constructs look like in a disassembler is the analyst’s first superpower. In this module, you install a properly tooled Visual Studio, review the compile-link-load-runtime pipeline, and write a simple program while experimenting with compiler options to see how each flag reshapes the resulting PE file. Then you flip perspectives: load the freshly built binary into IDA or Ghidra, trace its functions, and correlate assembly patterns back to their C origins. By the end, you’ll grasp how everyday coding choices surface in machine code, knowledge that lets you recognise, label, and reason about unknown malware far faster in later modules.
Module 3: Peering into Portable Executables
Every Windows binary, benign or malicious, travels as a Portable Executable. This module equips you to read that blueprint like a map. You’ll learn the hierarchy of headers that the OS loader trusts, translate RVAs into file offsets to reach the real bytes on disk, and inspect the import and export tables and the other PE structures that reveal a program’s intentions. Finally, you’ll contrast EXE and DLL flavours so you can spot the masquerading tricks attackers love. With this knowledge, any sample you meet later in the course will feel less like a black box and more like a well-labelled puzzle you already know how to solve.
Module 4: Static Triage, Unpacking & Real-World Walk-Through
Speed is everything when a suspicious file lands on your desk. This module teaches you to confirm maliciousness and extract intelligence within minutes, before you ever press Run. You’ll decode AV detection names, separate quick-burn IoCs from behaviour-rich IoAs, fingerprint samples by file type, hashes, and embedded strings, and pierce common packers to reveal the true payload. Then you will practise turning authoritative docs and API references into instant insight and apply the full workflow to a live FlawedAmmyy RAT: unpack it, map its C2 logic, flag its persistence tricks, and save your progress in IDA for future use. After this module, you’ll wield a repeatable static-analysis playbook that delivers actionable results fast and sets you up for the deeper dynamic and reversing tasks ahead.
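The fingerprinting step of Module 4 (hashes, strings, and a packer heuristic) as an added example, written for this page rather than taken from the course: the script hashes a buffer, pulls ASCII and UTF-16LE strings the way `strings`/FLOSS would, tags the ones that look like URLs, IPs, Run-key paths and injection APIs, and computes Shannon entropy as a packed/encrypted-payload indicator. The sample buffer is constructed inline (the 203.0.113.10 address is documentation space, the high-entropy tail is seeded pseudo-random data standing in for a packed payload); the indicator regexes and the 7.2 entropy threshold are my own choices, not the course's.

```python
import hashlib
import math
import random
import re

# Regexes applied to extracted strings; extend them for your own triage playbook.
INDICATORS = {
    "url": re.compile(r"https?://[\w.\-/]+", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry": re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+)[\\\w]*"
                           r"|SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\w*", re.I),
    "api": re.compile(r"\b(?:VirtualAllocEx|WriteProcessMemory|CreateRemoteThread|WinExec"
                      r"|URLDownloadToFile|IsDebuggerPresent)\b"),
}


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~4-5 for code and text, close to 8 for packed/encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data: bytes, min_len: int = 6):
    """ASCII and UTF-16LE printable runs, as `strings -a` / `strings -el` would report."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    ascii_strings = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    wide_strings = [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return ascii_strings, wide_strings


def triage(data: bytes, min_len: int = 6) -> dict:
    ascii_s, wide_s = extract_strings(data, min_len)
    indicators = {name: [] for name in INDICATORS}
    for s in ascii_s + wide_s:
        for name, rx in INDICATORS.items():
            indicators[name].extend(rx.findall(s))
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        **hashes(data),
        "entropy": round(entropy, 3),
        "likely_packed": entropy > 7.2,    # heuristic threshold, tune per file type
        "ascii_strings": len(ascii_s),
        "wide_strings": len(wide_s),
        "indicators": indicators,
    }


def build_sample() -> bytes:
    """Constructed buffer, not a real sample: a few telling strings followed by a
    high-entropy blob that plays the role of a packed payload."""
    text = (b"This program cannot be run in DOS mode.\0"
            b"http://203.0.113.10/update.bin\0"
            b"VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0"
            + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le") + b"\0\0")
    blob = random.Random(7).randbytes(8192)   # deterministic pseudo-random filler (Python 3.9+)
    return text + blob


if __name__ == "__main__":
    report = triage(build_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

The UTF-16 pass matters in practice: Windows malware keeps registry paths and mutex names as wide strings, so an ASCII-only `strings` run misses exactly the persistence indicators Module 4 asks you to flag. A high overall entropy with few meaningful strings is the classic "packed" signature that sends you to the unpacking step.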
Module 5: Live Behaviour & Dynamic Reverse Engineering
Static clues only go so far; eventually, you must watch malware run. In this module, you build a layered toolkit (Process Explorer, Process Hacker, Procmon, API Logger, CMD Watcher, and the IDA debugger) to capture every file write, registry tweak, API call, and decrypted string in real time. You will rehearse on generic samples, then tackle the FlawedAmmyy RAT end-to-end: correlate PCAP traffic with sandbox telemetry, single-step through its remote-control routines, and harvest IoCs straight into custom YARA signatures. By the end, you’ll wield a repeatable dynamic-analysis workflow that turns chaotic runtime behaviour into precise, automatable detections.
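The final step of Module 5, turning harvested indicators into a YARA signature, as an added example written for this page (it is not one of the course's rules and matches no real family): the strings are the kind of artefacts a dynamic run surfaces (a download URL, a Run-key path, the injection APIs), and the condition combines them with the `MZ` magic, a size cap, and an import check from YARA's `pe` module so a single string in an unrelated file does not fire the rule.

```yara
import "pe"

rule Example_Injector_With_Download_URL
{
    meta:
        description = "Constructed example rule for a PE that embeds a download URL or Run-key path and uses process-injection APIs"
        author      = "added example, not a course rule"
        reference   = "Module 5 lab workflow"

    strings:
        // Indicators harvested at runtime: decrypted C2 URL and persistence key (constructed values)
        $url  = "http://203.0.113.10/update.bin" ascii wide
        $run  = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" ascii wide nocase
        // Injection API names as they appear in the import table or as strings
        $api1 = "VirtualAllocEx" ascii
        $api2 = "WriteProcessMemory" ascii
        $api3 = "CreateRemoteThread" ascii

    condition:
        uint16(0) == 0x5A4D and                 // "MZ"
        filesize < 2MB and
        ( $url or $run ) and
        ( 2 of ($api*) or pe.imports("kernel32.dll", "CreateRemoteThread") )
}
```

Keep the quick-burn indicators (the URL) and the behaviour-rich ones (the API combination) in separate terms, as above, so that when the C2 host changes you can drop `$url` without rewriting the rule; test with `yara -s rule.yar sample.bin` and, just as important, against a corpus of clean binaries to measure false positives before deploying.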
Module 6: Dissecting Malicious Documents: PDFs & Office Macros
Email-borne documents are still the easiest way into an enterprise, so an analyst must tear them apart quickly and safely. In this module, you first learn the anatomy of PDFs (objects, actions, and embedded JavaScript), then tackle a historic yet instructive Adobe Reader exploit, carving out the payload byte by byte. Shifting to Office files, you explore how VBA macros are stored, enumerate suspicious modules, and trace obfuscated code that injects shellcode straight into memory. By the end, you’ll wield a toolkit and workflow for spotting, extracting, and neutralising malicious document payloads long before a victim can click “Enable Content.”
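The PDF half of Module 6 (objects, actions, embedded JavaScript) as an added example that is not course code: the scanner below enumerates `N G obj ... endobj` bodies, undoes the `#xx` hex escapes in names that attackers use to hide `/JavaScript` from naive greps, lists the objects carrying action keywords, follows the catalog's `/OpenAction` reference to its target object, and pulls the `/JS` payload out of a literal string (handling backslash escapes and balanced parentheses) or a hex string. The sample document is constructed inline and its script is harmless; object streams and compressed `/Filter` streams are deliberately out of scope here, which is why tools such as pdf-parser and peepdf also decode streams before searching.

```python
import re

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Keys that make a PDF do something without the reader asking for it.
SUSPICIOUS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
              b"/EmbeddedFile", b"/ObjStm", b"/URI"]

# Constructed sample: catalog with /OpenAction -> object 4, whose action type is
# written as /J#61vaScript to dodge a plain search for "JavaScript".
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (app.alert(1); this.exportDataObject({cName: 'x'})) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def normalise_names(body: bytes) -> bytes:
    """Resolve /J#61vaScript -> /JavaScript; #xx is legal name syntax per the PDF spec."""
    return NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), body)


def parse_objects(pdf: bytes) -> dict:
    """Map (object number, generation) -> normalised object body."""
    return {(int(n), int(g)): normalise_names(body) for n, g, body in OBJ_RE.findall(pdf)}


def literal_string(body: bytes, key: bytes):
    """Return the string value following `key` (e.g. /JS), from either a (...) literal
    with escapes and nested parentheses, or a <...> hex string. None if absent or if
    the value is an indirect reference / stream, which this helper does not chase."""
    i = body.find(key)
    if i < 0:
        return None
    k = i + len(key)
    while k < len(body) and body[k] in b" \t\r\n":
        k += 1
    if k < len(body) and body[k] == 0x3C:                    # '<' hex string
        end = body.find(b">", k)
        if end < 0:
            return None
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", body[k + 1:end])
        if len(digits) % 2:
            digits += b"0"                                   # spec: odd trailing digit padded with 0
        return bytes.fromhex(digits.decode("ascii"))
    if k >= len(body) or body[k] != 0x28:                    # not a '(' literal
        return None
    depth, out = 0, bytearray()
    while k < len(body):
        c = body[k]
        if c == 0x5C and k + 1 < len(body):                  # backslash: keep next byte verbatim
            out.append(body[k + 1])
            k += 2
            continue
        if c == 0x28:                                        # '(' opens, nested ones are kept
            depth += 1
            if depth > 1:
                out.append(c)
        elif c == 0x29:                                      # ')' closes
            depth -= 1
            if depth == 0:
                return bytes(out)
            out.append(c)
        else:
            out.append(c)
        k += 1
    return None                                              # unterminated string


def scan_pdf(pdf: bytes) -> dict:
    objs = parse_objects(pdf)
    findings = [(num, kw.decode()) for (num, _gen), body in objs.items()
                for kw in SUSPICIOUS if re.search(re.escape(kw) + rb"(?![A-Za-z])", body)]
    js = None
    for body in objs.values():
        m = re.search(rb"/OpenAction\s+(\d+)\s+(\d+)\s+R", body)
        if m:                                                # indirect reference: follow it
            js = literal_string(objs.get((int(m.group(1)), int(m.group(2))), b""), b"/JS")
        elif b"/OpenAction" in body:                         # inline action dictionary
            js = literal_string(body, b"/JS")
        if js is not None:
            break
    return {"object_count": len(objs), "findings": findings, "open_action_js": js}


if __name__ == "__main__":
    result = scan_pdf(SAMPLE_PDF)
    print(f"{result['object_count']} objects; suspicious keys: {result['findings']}")
    print("OpenAction JavaScript:", result["open_action_js"])
```

Everything the scanner reports is reachable without rendering the document, which is the safe order of operations the module teaches: find the trigger (`/OpenAction` or `/AA`), find the action object, extract the payload, and only then consider executing anything, inside the isolated lab from Module 1.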
Malware Lab Samples
Here you can download all the relevant samples so you can reproduce the analysis steps along with me.
YARA Rules
Here you can download the YARA rules written during the course so you can reproduce the detections along with me.