Malware Reverse Engineering and Analysis

Duration 5 days

Certificate TP Certificate

Course Overview

Malware intrusion is the leading type of cyberattack on systems and computers in the world. Malicious software such as viruses, spyware, adware, etc. is designed to damage, disable and disrupt operations in an organisation.

Many organisations are spending more money and resources to analyse malware in order to understand and protect their organisations’ IT assets. The ability to undertake reverse engineering on malware to obtain information on the source of the attacker, their intentions and what has been compromised are important incident response actions for future protection in an organisation.

Join us to acquire the skills to conduct reverse engineering and analyse malware.

In collaboration with

Entry Requirements

You are required to bring your personal laptop. Please ensure that your laptop fit the hardware and software requirements listed on ‘Pre-course Specifications’.

Who Should Attend

Participants should have fundamental understanding and working knowledge of cybersecurity. You should be working in areas of Forensic/Incident/Threat Investigation or Security Operations.

What You'll Learn

Day 1

1. Introduction to the main concepts and terms

a. Course program and plan;
b. Setting up needed software and safe environment;
c. Modern types of threats and malware classification;
d. Types of analysis (Basic static, static, dynamic / behaviour, advanced dynamic);
e. Disassemblers and decompilers;

2. x86 and x64 Architecture and Assembly

a. Processor architectures, CISC vs RISC;
b. Fundamental data types;
c. Endianness;
d. x86 and x64 architecture;
e. Memory organization – memory models, paging and virtual memory;
f. Register set, main purpose hardware registers;
g. Assembly language – instruction set, opcodes, mnemonics, operands and examples;
h. Stack and heap;
i. Function calls – calling conventions, stackframe, epilogue\prologue;

Day 2

3. Static Analysis

a. Basic static analysis. Approaches and mindset;
b. Strings, entropy and hash analysis;
c. Portable Executable header analysis;
d. PE resources, overlay, imports, compiler and protection analysis;
e. PE signature, publisher information and file icon analysis;
f. AV scanning, Virustotal and web research;
g. Advanced static analysis;

4. Dynamic Analysis

a. Dynamic Analysis: Why? When? How?;
b. Using system monitoring utilities to capture file system, registry and network activity;
c. Monitoring process activity;
d. Monitoring APIs;
e. Monitoring network;

Day 3

5. Malware behavior

a. Windows malware techniques;
b. Malware persistence;
c. Anti-analysis - obfuscation, anti-debugging, anti-emulation, etc.;
d. Packers, cryptors and protectors. Unpacking malicious samples.
e. Debugging windows applications using x64dbg and Windbg.

6. Non-windows malware - Linux

a. Statistics, attack vectors;
b. Operating system security basics;
c. Static analysis: ELF file format, IDA, HIEW;
d. Dynamic analysis: file behaviour, strace, unpacking.

Day 4

7. Non-windows malware – Mac OS

a. Statistics, attack vectors;
b. Operating system security basics, internal AV, single source application distribution;
c. Static analysis: MACH-O file format, objective-c constructions;
d. Dynamic analysis: ptrace.

8. Non-windows malware – Android

a. Statistics, attack vectors: unknown sources, exploit vector;
b. Operating system security basics: Sandbox, SafetyNet
c. Static analysis: APK file format, decompilation, pseudo Java.

Day 5

9. Project/Exercise Consultation and Feedback Assignment(s)

Assignments

There are 2 assignments to be completed and submitted to the trainer, within a month from the course end date. Further details on the assignments will be provided by the trainer during the 5-day course.

Certification

Participants who meet at least 75% of the required course attendance and attempt the assessment will be awarded the Certificate of Performance.

Course Schedule/Apply

Intake Info	Application Closing Date	Course Duration
Not Available	NA	5 days (9 AM - 6 PM)	Register Interest

Intake Info

Application Closing Date

Course Duration

Not Available

5 days

(9 AM - 6 PM)

Registration may be closed earlier due to overwhelming response.

For Corporate training, click here.

Course Fees

Fees Type	Course Fees (w GST)
Singapore Citizens
Full Course Fee / Repeat Students	S$2,289.80
Aged 40 and above / SME-sponsored	S$258.94
Aged below 40	S$686.94
Non-Singapore Citizens
Full Course Fee / Repeat Students	S$2,311.20
Singapore Permanent Residents / Long-Term Visit Pass Plus (LTVP+) Holder	S$693.36
SME-sponsored (Singapore Permanent Residents) / Long-Term Visit Pass Plus (LTVP+) Holder)	S$265.36

SkillsFuture Credit Approved. For more details, please click here.

With effect from 1 Jul 2020, the Workforce Training Scheme (WTS) will be replaced by the Work Support Scheme (WSS), for more information, please visit:
https://www.wsg.gov.sg/programmes-and-initiatives/workfare-skills-support-scheme-individuals.html

Lecturer/Trainer Profile

The course will be conducted by Lecturers of Temasek Polytechnic School of Informatics & IT who are specialists in the topics covered and are equipped with an expanse of experience in training practitioners in the industry

Course Contact

tsa_shortcourse@tp.edu.sg
67881212
Monday - Thursday: 8:30am - 6:00pm
Friday: 8:30am - 5:30pm

Closed during lunchtime, 12:00pm - 1:00pm
and on weekends and public holidays.
https://www.tp.edu.sg/tsa
Temasek SkillsFuture Academy (TSA)
Temasek Polytechnic
East Wing, Block 1A, Level 3, Unit 4
21 Tampines Ave 1
Singapore 529757

Temasek Polytechnic reserves the right to alter the course, modify the scale of fee, amend any other information or cancel a course with low enrolment.

CHECK OUT OTHER COURSES

VIEW THE FULL COURSE LISTING