Autoplay
Autocomplete
Dark Mode
Speed
Previous Lesson
Complete and Continue
Practical Malware Analysis & Triage
Course Introduction
Hey, thanks! (0:14)
Whoami & Course Overview (5:55)
Course Discord Information
Safety Always! Building Your Malware Analysis Lab & Malware Safety
Lab Network Options: Local VMs vs. AWS Cloud Lab
Downloading VirtualBox (2:29)
Downloading Windows 10 (2:05)
Setting Up the Windows 10 VM (8:12)
Downloading REMnux (1:10)
Installing REMnux (2:05)
Installing FLARE-VM (16:45)
Analysis Network Setup (7:26)
INetSim Setup (13:16)
Host-only Safety & Internal Networks
Lab VM Repo Link
Rapid-deployable Cloud Malware Analysis Lab Setup
Course Lab Repo Link
Course Lab Repo Download & Lab Orientation (4:00)
Taking a Snapshot Before First Detonation (1:29)
Detonating Our First Sample (5:57)
Tool Troubleshooting (5:05)
Course Tool List & Resources
Basic Malware Handling (8:52)
Safe Malware Sourcing & Additional Resources (6:50)
Basic Static Analysis
Hashing Malware Samples (3:45)
Malware Repositories: VirusTotal (2:49)
Strings & FLOSS: Static String Analysis (8:03)
Analyzing the Import Address Table (7:36)
Introduction to the Windows API (6:00)
MalAPI.io (4:08)
To Pack Or Not To Pack: Packed Malware Analysis (9:42)
Combining Analysis Methods: PEStudio (6:45)
Identifying Malware Capabilities & Intro to MITRE ATT&CK
Note Review (1:59)
Basic Dynamic Analysis
Basic Dynamic Analysis Intro: Host and Network Indicators (3:39)
Initial Detonation & Triage: Hunting for Network Signatures (8:44)
Host-Based Indicators: Procmon Part I (7:44)
Host-Based Indicators: Procmon Part II (6:06)
Dynamic Analysis of Unknown Binaries Part I: Analyzing Wireshark (13:02)
Dynamic Analysis of Unknown Binaries Part II: Host-Based Indicators (21:19)
Analyzing a Reverse Shell Part I: Correlating IOCs (18:12)
Analyzing a Reverse Shell Part II: Parent-Child Process Analysis (6:43)
Challenge 1: SillyPutty
Challenge 1: SillyPutty Intro (1:43)
Challenge 1: SillyPutty Walkthrough (18:21)
Advanced Static Analysis: Assembly Language, Decompiling, & Disassembling Malware
Intro to Advanced Analysis & Assembly Language (10:01)
Disassembling & Decompiling a Malware Dropper: Intro to Cutter (8:46)
x86 CPU Instructions, Memory Registers, & the Stack: A Closer Look (13:06)
Revisiting the Dropper: Assembly Instructions and the Windows API (8:17)
Hello, World! Under a Microscope Part I (18:31)
Advanced Analysis of a Process Injector (16:56)
Advanced Dynamic Analysis: Debugging Malware
Getting Comfortable in x32dbg: Flow Control & Breakpoints (12:59)
Debugging the Dropper: Dynamic Analysis of x86 Instructions & API Calls (17:49)
Hello, World! Under a Microscope Part II (14:27)
Challenge 2: SikoMode
Challenge 2: SikoMode Intro (1:37)
Challenge 2: SikoMode Walkthrough (20:18)
Bonus Lecture: Live Analysis of Challenge 2 SikoMode Twitch Stream with Taggart
Binary Patching & Anti-analysis
Patch it out: Patching x86 Binaries
Identifying & Defeating Anti-analysis Techniques
Specialty Malware Classes
Specialty Malware Classes
Gone Phishing: Maldoc Analysis
Analyzing Excel Maldocs: OLEdump (10:55)
Analyzing Word Maldocs: Remote Template Macro Injection (7:35)
What The Shell? Shellcode Analysis
Analyzing Shellcode: Carving Shellcode & scdbg (14:29)
Carving Shellcode from Memory (13:00)
Off-Script: Scripted Malware Delivery Mechanisms
PowerShell: Analyzing Obfuscated Scripts (12:25)
VBScript: Analyzing a Multi-Stage MSBuild Dropper (13:58)
HTML Applications (HTA): Wrapped Payloads, Scripted Delivery, & WMI
Stay Sharp: Reversing C# Malware
Intro to Reversing C# & the .NET Framework (8:24)
Reversing an Encrypted C2 Dropper DLL with dnSpy (13:37)
Go Time: Analyzing Go Malware
Programming Language Recognition & Analyzing a Go Service Backdoor (9:33)
Get Mobile! Mobile Malware Analysis
Lab Update: Installing MobSF (4:54)
Intro to MobSF (7:58)
The Bossfight! Analyzing Real-World Malware Samples
WannaCry.exe Introduction (1:29)
WannaCry.exe Walkthrough (28:33)
Automation: Sandboxes & Pipelines
BlueJupyter: Automating Triage with Jupyter Notebooks (17:04)
Any.Run: Malware Sandboxing (5:17)
Advanced Script Analysis with ChatGPT (15:45)
Tell The World: Rule Writing & Report Publishing
Writing YARA Rules (16:59)
Detecting Malware with YARA (7:33)
Writing & Publishing a Malware Analysis Report (10:06)
Course Final
Course Final (1:45)
Course Conclusion
Congrats! Course Outro (2:05)
Learning Objectives
Feedback Form
A new challenger approaches... PJMR!
Host-Based Indicators: Procmon Part II
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock