This is a reverse engineering works course focused on analyzing various examples of crimeware and financial APTs. It's partially based on Advanced Malware Analysis training course and shows some of the samples and analysis techniques presented there as well.

The main idea is to teach various malware analysis tips and tricks while reverse engineering interesting samples that have been encountered by Sergey during real research in the field. The course is primarily static reverse engineering with IDA Pro and writing automatic tools that help to decrypt and extract payloads or IOCs. It's suitable for those who want to learn proper ways of static malware analysis and to move into the advanced malware analysis field without depending on others.

Participation requires previous knowledge of malware reverse engineering, familiarity with Windows OS APIs and architecture, assembly language, and basic programming concepts.

About the trainer

Sergey Lozhkin is a malware reverse engineer focusing on APTs. He researches various topics in cybersecurity, mostly related to investigating and reverse engineering advanced persistence and financial threat. For 7 years, Sergey was a senior security researcher at Kaspersky Global Research and Analysis Team where he researched and published on financial threats like Carbanak, Silence, and Digital Doppelgangers and analyzed many nation-state APTs samples.

Based on this experience, Sergey created malware reverse engineering courses that show the most effective methods for analyzing top malware threats. He's trained both beginner and experienced malware analysts, SOC analysts in various private and government organizations all over the world, as well as law enforcement officers.

Key takeaways

• Reversing approach and first steps to analyzing modern financial attacks.
• Static and dynamic analysis of financial APT samples and artefacts.
• Creating automatic deobfuscation tools.
• Analysis of malicious documents: shellcode and payload extraction.

Who should attend?

This training is designed for reverse engineers, security analysts and operators, as well as threat intelligence analysts who want to gain a better understanding of modern attacks against financial organizations.

Prior reverse engineering knowledge is required – the training is not suitable for beginners.

Duration and format

This is a fully online 20-hour course* split into 5-hour sessions over 4 days.

Requisites

• Core programming concepts.
• Knowledge of Windows OS architecture and APIs.
• Basic knowledge of Assembler language is a must.

*The link for the training and other related details will be provided 1 week before the training starts.