This course provides an introduction to the tools and methodologies used to perform malware analysis on scripts and executables in Windows systems. Students will be exposed to analyzing the functionality of a malicious script, debugging executables and observing malware functions. In this two-day class, the analysis is split into one day per type of analysis:
- Day-1: analysing malicious scripts (e.g. PowerShell, VBScript), including deobfuscation techniques.
- Day-2: students will learn how to analyse malicious executables, including rapid reverse engineering (covering static and dynamic analysis).
The course covers the latest threat landscape of malware infection vectors, from malicious scripts to reverse engineering the payload.
- Knowledge in malware analysis and handling
- Basic reverse engineering knowledge
- Understanding of programming and scripting languages
- VMware Player, Fusion or Workstation
- 30GB of disk space
- 8GB of RAM (with a minimum of 4GB of RAM set for the VM)