Course Overview

Malware intrusion is the leading type of cyberattack on systems and computers in the world. Malicious software such as viruses, spyware and adware is designed to damage, disable and disrupt operations in an organisation.


Many organisations are spending more money and resources to analyse malware in order to understand and protect their organisations’ IT assets. The ability to reverse engineer malware to obtain information on the source of the attacker, their intentions and what has been compromised is an important part of incident response for future protection in an organisation.


Join us to acquire the skills to conduct reverse engineering and analyse malware.

 

Kaspersky

Application/Entry Requirement

You are required to bring your personal laptop. Please ensure that your laptop fits the hardware and software requirements listed in ‘Pre-course Specifications’.

Who Should Attend

Participants should have a fundamental understanding and working knowledge of cybersecurity. You should be working in areas of Forensic/Incident/Threat Investigation or Security Operations.

What You'll Learn

Day 1 

1. Introduction to the main concepts and terms

a. Course program and plan;
b. Setting up needed software and safe environment;
c. Modern types of threats and malware classification;
d. Types of analysis (Basic static, static, dynamic / behaviour, advanced dynamic);
e. Disassemblers and decompilers; 

 

2. x86 and x64 Architecture and Assembly

a. Processor architectures, CISC vs RISC;
b. Fundamental data types;
c. Endianness;
d. x86 and x64 architecture;
e. Memory organization – memory models, paging and virtual memory;
f. Register set, main purpose hardware registers;
g. Assembly language – instruction set, opcodes, mnemonics, operands and examples;
h. Stack and heap;
i. Function calls – calling conventions, stack frame, prologue/epilogue;

 

Day 2 

3. Static Analysis

a. Basic static analysis. Approaches and mindset;
b. Strings, entropy and hash analysis;
c. Portable Executable header analysis;
d. PE resources, overlay, imports, compiler and protection analysis;
e. PE signature, publisher information and file icon analysis;
f. AV scanning, VirusTotal and web research;
g. Advanced static analysis; 

 

4. Dynamic Analysis

a. Dynamic Analysis: Why? When? How?;
b. Using system monitoring utilities to capture file system, registry and network activity;
c. Monitoring process activity;
d. Monitoring APIs;
e. Monitoring network; 

 

Day 3

5. Malware behavior

a. Windows malware techniques;
b. Malware persistence;
c. Anti-analysis - obfuscation, anti-debugging, anti-emulation, etc.;
d. Packers, cryptors and protectors. Unpacking malicious samples;
e. Debugging Windows applications using x64dbg and WinDbg.

 

6. Non-Windows malware – Linux

a. Statistics, attack vectors;
b. Operating system security basics;
c. Static analysis: ELF file format, IDA, HIEW;
d. Dynamic analysis: file behaviour, strace, unpacking. 

 

Day 4

7. Non-Windows malware – Mac OS

a. Statistics, attack vectors;
b. Operating system security basics, internal AV, single source application distribution;
c. Static analysis: Mach-O file format, Objective-C constructions;
d. Dynamic analysis: ptrace. 

 

8. Non-Windows malware – Android

a. Statistics, attack vectors: unknown sources, exploit vector;
b. Operating system security basics: Sandbox, SafetyNet;
c. Static analysis: APK file format, decompilation, pseudo Java. 

 

Day 5 

9. Project/Exercise Consultation and Feedback Assignment(s)

 

 

Assignments

 

There are 2 assignments to be completed and submitted to the trainer, within a month from the course end date. Further details on the assignments will be provided by the trainer during the 5-day course.

 

 

Certification

 

Participants who meet at least 75% of the required course attendance and attempt the assessment will be awarded the Certificate of Performance. 

Course Schedule

Intake Info: To be advised

Application Closing Date: NA

Course Duration: 5 Days (9 AM - 6 PM)

APPLY

Registration may be closed earlier due to overwhelming response.

 

Application Procedures

 

Click on the Apply button above to submit your application online. Registration may be closed earlier due to overwhelming responses.

 

Steps to follow in your application: 

Step 1 - Enter NRIC/ Passport No 

Step 2 - Select ZMX and course commencement date. 

Step 3 - Enter personal, qualification, employment and sponsoring details (if applicable). 

Step 4 - Applicable for 'Stackable based modular course' or 'Diploma or Post-Diploma courses' only. Select, rank your preference for the selected subject(s) and indicate the number of subject(s) you wish to take. Please note that the subject start date(s) denotes the semester start date.

Step 5 - Make declaration and submit online application.

Course Fees

Fee Type Item Total Fees (w GST)
Full Course Fee S$2,289.80
SG Citizens aged 39 & below / Permanent Residents S$686.94
SG Citizens aged 40 & above / SME-sponsored SG Citizens & Permanent Residents S$258.94

SkillsFuture Credit Approved.

 

With effect from 1 Jul 2020, the Workforce Training Scheme (WTS) will be replaced by Work Support Scheme (WSS). For more information, please visit:
https://www.wsg.gov.sg/programmes-and-initiatives/workfare-skills-support-scheme-individuals.html

Course Contact

  • 67881212
  • 8.30am – 6.00pm (Mon – Fri) 

    Due to Safe Management Measures, our office is currently closed.

    Please call or email us your enquiry.

    Thank you for your patience and understanding.

  • Website: https://www.tp.edu.sg/tsa
  • Temasek SkillsFuture Academy
    Temasek Polytechnic
    East Wing Block 1A,
    Level 3, Unit 81
    21 Tampines Ave 1
    Singapore 529757

     

  • Temasek Polytechnic reserves the right to alter the course, modify the scale of fee, amend any other information or cancel course with low enrolment.
