Course Overview

Malware intrusion is the leading type of cyberattack on systems and computers in the world. Malicious software such as viruses, spyware, adware, etc. is designed to damage, disable and disrupt operations in an organisation.

 

Many organisations are spending more money and resources on analysing malware in order to understand it and protect their IT assets. The ability to reverse engineer malware to obtain information on the source of the attacker, their intentions and what has been compromised is an important incident response capability for the future protection of an organisation.

Join us to acquire the skills to conduct reverse engineering and analyse malware.

 

In collaboration with Kaspersky

Entry Requirements

You are required to bring your personal laptop. Please ensure that your laptop fits the hardware and software requirements listed in ‘Pre-course Specifications’.

Who Should Attend

Participants should have a fundamental understanding and working knowledge of cybersecurity. You should be working in areas of Forensic/Incident/Threat Investigation or Security Operations.

What You'll Learn

Day 1 

1. Introduction to the main concepts and terms

a. Course program and plan;
b. Setting up needed software and safe environment;
c. Modern types of threats and malware classification;
d. Types of analysis (Basic static, static, dynamic / behaviour, advanced dynamic);
e. Disassemblers and decompilers; 

 

2. x86 and x64 Architecture and Assembly

a. Processor architectures, CISC vs RISC;
b. Fundamental data types;
c. Endianness;
d. x86 and x64 architecture;
e. Memory organization – memory models, paging and virtual memory;
f. Register set, main purpose hardware registers;
g. Assembly language – instruction set, opcodes, mnemonics, operands and examples;
h. Stack and heap;
i. Function calls – calling conventions, stack frame, epilogue/prologue;

Day 2 

3. Static Analysis

a. Basic static analysis. Approaches and mindset;
b. Strings, entropy and hash analysis;
c. Portable Executable header analysis;
d. PE resources, overlay, imports, compiler and protection analysis;
e. PE signature, publisher information and file icon analysis;
f. AV scanning, VirusTotal and web research;
g. Advanced static analysis; 

 

4. Dynamic Analysis

a. Dynamic Analysis: Why? When? How?;
b. Using system monitoring utilities to capture file system, registry and network activity;
c. Monitoring process activity;
d. Monitoring APIs;
e. Monitoring network; 

 

Day 3

5. Malware behavior

a. Windows malware techniques;
b. Malware persistence;
c. Anti-analysis - obfuscation, anti-debugging, anti-emulation, etc.;
d. Packers, cryptors and protectors. Unpacking malicious samples;
e. Debugging Windows applications using x64dbg and WinDbg.

6. Non-Windows malware – Linux

a. Statistics, attack vectors;
b. Operating system security basics;
c. Static analysis: ELF file format, IDA, HIEW;
d. Dynamic analysis: file behaviour, strace, unpacking. 

 

Day 4

7. Non-Windows malware – Mac OS

a. Statistics, attack vectors;
b. Operating system security basics, internal AV, single source application distribution;
c. Static analysis: Mach-O file format, Objective-C constructs;
d. Dynamic analysis: ptrace. 

 

8. Non-Windows malware – Android

a. Statistics, attack vectors: unknown sources, exploit vector;
b. Operating system security basics: Sandbox, SafetyNet;
c. Static analysis: APK file format, decompilation, pseudo Java.

Day 5 

9. Project/Exercise Consultation and Feedback Assignment(s)

 

 

Assignments

 

There are 2 assignments to be completed and submitted to the trainer, within a month from the course end date. Further details on the assignments will be provided by the trainer during the 5-day course.

 

 

Certification

 

Participants who meet at least 75% of the required course attendance and attempt the assessment will be awarded the Certificate of Performance. 

Course Schedule/Apply

Intake Info: Not Available
Application Closing Date: NA
Course Duration: 5 days (9 AM - 6 PM)

Registration may be closed earlier due to overwhelming response.

 

For Corporate training, click here.

Course Fees

Course fees (with GST) by fees type:

Singapore Citizens
  • Full Course Fee / Repeat Students: S$2,289.80
  • Aged 40 and above / SME-sponsored: S$258.94
  • Aged below 40: S$686.94

Non-Singapore Citizens
  • Full Course Fee / Repeat Students: S$2,311.20
  • Singapore Permanent Residents / Long-Term Visit Pass Plus (LTVP+) Holder: S$693.36
  • SME-sponsored (Singapore Permanent Residents) / Long-Term Visit Pass Plus (LTVP+) Holder: S$265.36

SkillsFuture Credit Approved. For more details, please click here


With effect from 1 Jul 2020, the Workforce Training Scheme (WTS) will be replaced by the Work Support Scheme (WSS). For more information, please visit:
https://www.wsg.gov.sg/programmes-and-initiatives/workfare-skills-support-scheme-individuals.html

Course Contact

  • Call: 67881212 / WhatsApp: 67806361
  • Monday - Thursday: 8:30am - 6:00pm
    Friday: 8:30am - 5:30pm
     
    Closed during lunchtime, 12:00pm - 1:00pm
    and on weekends and public holidays.

  • https://www.tp.edu.sg/tsa
  • Temasek SkillsFuture Academy (TSA)
    Temasek Polytechnic
    East Wing, Block 1A, Level 3, Unit 4
    21 Tampines Ave 1
    Singapore 529757

     

  • Temasek Polytechnic reserves the right to alter the course, modify the scale of fee, amend any other information or cancel a course with low enrolment.