OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.
Course image
Udemy logo

Windows Malware Analysis for Hedgehogs - Beginner Training

4.8 Filled star Filled star Filled star Filled star Half star
Based on 377 ratings
see reviews
Karsten Hahn

This course teaches more than just reverse engineering because as a malware analyst you need a variety of other skills. You will learn how to classify samples into malware types, how to identify malware families and how to determine file verdicts like clean, malicious, potentially unwanted programs, junk, grayware, or corrupt. Additionally, you will learn how malware persists, how to identify malicious autostart entries and clean infected systems.

The course aims to dispel common myths such as "trojan in a detection name means the file is a trojan horse" or "antivirus detection names are a malware classification".

Read more

This course teaches more than just reverse engineering because as a malware analyst you need a variety of other skills. You will learn how to classify samples into malware types, how to identify malware families and how to determine file verdicts like clean, malicious, potentially unwanted programs, junk, grayware, or corrupt. Additionally, you will learn how malware persists, how to identify malicious autostart entries and clean infected systems.

The course aims to dispel common myths such as "trojan in a detection name means the file is a trojan horse" or "antivirus detection names are a malware classification".

As a malware analyst with experience working at an antivirus company since 2015, I have trained many beginners in the field. I understand the usual pitfalls and the concepts that you need to grasp to become proficient. I focus on building strong foundations that make you flexible in the face of new malware advancements, rather than providing shortcuts with step-by-step recipes.

I will teach you how to differentiate between different types of files, including installers, wrappers, packed files, non-packed files, hybrid, and native compiled files. You will learn which tools to apply in which situations and how to analyse samples efficiently. To do that I give you example approaches that work for most situations.

This course is ideal for you if you already have some IT background, such as hobby or professional programmers, computer enthusiasts, administrators, computer science students, or gamers with an interest in the inner workings of software or IT security.

If you have a strong interest in the topic but lack the necessary IT background, I recommend that you learn programming first. Please refer to the course requirements for more information.

Tools

All the tools and web services that we use during the course are free:

  • Ghidra

  • x64dbg

  • VirtualBox

  • SysInternals Suite

  • PortexAnalyzer CLI and GUI

  • VirusTotal (without account)

  • Speakeasy by Mandiant

  • API Monitor

  • CyberChef

  • EXIFTool

  • Meld

  • VBinDiff

  • AnalyzePESig

  • DnSpy

  • C# Online Compiler programwiz

  • TriD

  • Detect-it-Easy

  • ReNamer

  • 7zip

  • Notepad++

  • HxD

  • Malpedia

  • lnk_parser

Requirements

You should have a strong understanding of at least one programming language, such as Python, C, C++, Java, or C#. This is a crucial requirement for the course, not only because we create small scripts during the course but because reverse engineering needs an understanding of software as foundation. The specific language does not matter, as you cannot learn every language you may encounter during analysis anyways. The concepts of programming must be clear, though.

If you are not there yet, you should not buy this course and start learning C instead. C is great because it is low-level and will integrate well with x86 assembly language.

Additionally, you must be able to read (not write) x86 assembly to understand everything in the course. Without assembly you will only be able to understand two-thirds of the content. So if you consider starting this course right away and learning assembly alongside it, that should work fine.

During this course we look at samples that use the following execution environments:

  • x86, x64 assembly

  • .NET

  • Batch

  • PowerShell

  • Nullsoft scripts

However, you do not need to learn all of these languages. Because an analyst encounters new languages all the time, your skillset is rather in using the available documentation, manuals and help provided for those environments and languages. I also show you during the course how to use the documentation for ,e.g., PowerShell.

Out of scope

Malware analysis is a broad field, so there are inevitably topics that I will not teach during this course because they would rather require their own course. Some of these topics are: assembly language, programming, how computers work, URL and website analysis, networks, analysis of malware for other platforms than Windows, mobile malware, IoT malware.

Enroll now

What's inside

Learning objectives

  • Triage and reverse engineering of potentially malicious samples
  • Determine if a file is malicious, clean, potentially unwanted, grayware, corrupt or junk
  • Write malware reports
  • Know the common types of malware and how to identify them
  • Know how and when to use a disassemblers, debuggers, meta data viewers
  • Identify malware families
  • Windows internals necessary for malware analysis, e.g., windows registry
  • Packer types, identification, basics of unpacking
  • Analysis of native and .net executables, installers, wrappers, scripts
  • Basics of disinfection

Syllabus

Introduction to Malware Analysis

Course overview and requirements

The general process of analysing files and samples with the purpose of creating analysis reports and a verdict.

Read more

Overview to building your analysis lab and how to proceed if you already have a VM.

Download links for VirtualBox, Defender Remover, course samples and Windows 10 Evaluation copy

Install a VirtualBox VM with Windows 10 Pro.

Add convenience features to VirtualBox

Remove Windows Defender from the malware lab to ensure smoothless malware analysis. Adjust the view settings to see hidden files and system files.

How we handle potential malware samples and make sure that you stay safe.

We create a shared folder setup that allows to move files to and from the host and the guest system while also preventing infections to spill over to the host.

We change the access rights so that the files in shared folders cannot execute.

We make sure that worms do not infect your home network and execute the first sample in the lab. Snapshots make it possible to set the VM back to a clean state after each malware execution.

We disable Windows updates in the VM

Summary of the lab setup and safety instructions when dealing with suspicious and malicious files and URLs.

Understand why triage is an important analysis step and what purposes it serves

Tools and links that we use for this section.

We determine the file type of 5 different files using TrID and Detect-it-Easy.

What a file type actually is and how it is different from file extensions. Can files have no file type or several file types at once?

After figuring out a file type, we look for a format specification which is an official documentation of the data layout. What information are we looking for when reading specifications? How do we find the relevant parts of the sample?

The lesson also explains how to deal with some quirks of Windows shortcuts.

Coming from a malware analyst who works for an antivirus company: What are antivirus detection names really? Who creates them? How are they different from Caro naming conventions?

We cover also: 

  • Current naming schemes of antivirus vendors

  • Default values

  • Basic components

To interpret antivirus detection names correctly, we must be able to:

  • distinguish specific from unspecific detection names

  • know what certain keywords mean

  • identifiy names that describe antivirus detection technologies

  • understand that detection names are not a malware classification

  • understand why "Trojan" does not mean trojan horse

We put our knowledge about antivirus detection names to the test and interpret the detection names for our LNK sample. We find a candidate for the malware family and alias names of the family on malpedia.

Actual analysis of the sample's code. You learn how shortcut worms work and why you should not copy shortcut arguments from the properties window.

Full analysis solution for a second sample. You also learn how to update PowerShell Help and interpret unknown PowerShell commands.

Binaries do not only contain the code that the developer has written. What other code is there?

Wrappers create files that carry the whole execution environment with them. How do we identify the used wrapper and how do we extract embedded files?

All tools and links we need for the labs in this section.

Triage: We use trid.exe and Detect-it-Easy, but none of these tools can detect the wrapper correctly. How do we find out the wrapper anyways?

We also check the file's detection names and behavior on VirusTotal to get an idea how to extract it.

Learn how to use Sysinternals Process Monitor and Process Explorer, how to add proper filters to monitor the file in action. The wrapped file unpacks the payload into TEMP but deletes it faster than we can copy it. So we apply ACLs that prevent deletion operations in TEMP.

Now that we got the payload, we analyse the code in Notepad++. We discover that it creates a PowerShell script that we did not extract so far. We modify the payload so that it creates the PowerShell script for us without deleting or executing it.

ACLs are not always a working solution, so we use APIMonitor this time to extract the payload. Learn how to set up APIMonitor to log API calls and how to set breakpoints.

What are installers? What is their structure? How can we extract installation scripts and embedded files from installers?

We identify an NSIS (Nullsoft Scriptable Install System) installer and extract the first layer of this sample as well as the install script.

The second layer is another installer: A 7zip self-extracting archive. We extract the contained files.

We find out how 7zip self-extracting archives are built up and extract the configuration of the second layer sample, so that we know what file is executed by the installer.

After unpacking the 7zip SFX we got a lot of files. We learn how to use PowerShell commands to run trid.exe and Detect-it-Easy on all of the files and print a report. That way we can determine interesting samples.

What are Auto Start Extensibility Points (ASEPs) and how are they used for malware persistence?

The Windows registry is crucial to understand malware persistence on Windows.

Topics covered in this lecture:

  • structure of a registry entry

  • root keys and links between root keys

  • registry hives

  • value data types and what they are used for

New ASEPs appear all the time. How do we find out things on our own? We reverse how service creation and deletion works by using monitoring tools and sc.exe, thus, find out what we need to do to remove a malicious service.

We use disinfector_trainer to train system disinfection. The first scenario applies Run keys and IFEO. We remove the entries using Autoruns Sysinternals and regedit.exe.

We use disinfector_trainer to train system disinfection. We remove persistence via RunOnce keys, Active Setup, Scheduled tasks and Windows shortcuts.

What is the Portable Executable format? What means endianness?

The Portable Executable format explained.

Tool and specification links for PortexAnalyzerGUI, DnSpy and the PE specification.

We examine a file with a Portable Executable viewer, namely, PortexAnalyzer. You learn how to interpret values in the MS DOS stub, the COFF file header and when timestamps are inaccurate or wrong.

We examine a file with a Portable Executable viewer, namely, PortexAnalyzer. You learn how to interpret values in the Optional Header and the section table.

We examine a file with a PortexAnalyzer and Resource Hacker. We look at resources, debug data and imports of a PE file, learn, what icon groups are, what version information is and what the imphash is.

We look at file format anomalies with PortexAnalyzer and create a visualization of the file that shows the byteplot, entropy and PE layout of a specific file.

Language processor types (decompilors, interpreters, hybrid compilers) and how they influence our tools of choice when we reverse engineer samples.

Triage of a hybrid-compiled file, a .NET assembly. How .NET works.

Decompilation of .NET assemblies. You learn the basics of using DnSpy: assembly explorer, decompilation options, assembly meta data, finding main, when to disassemble .NET into IL code instead of using decompilation.

You learn the basics of using DnSpy: searching referenced strings in code, finding the developer's code for a file that contains auto generated GUI code, how to view .NET resources

An introduction to the section contents

Analysis types and when to use them: static analysis, dynamic analysis, meta inspection, code inspection.

Understand verdicts that malware analysts give to files as a result of an analysis. What does each verdict mean and when should they be used?

How do you know if a file is clean? We discuss challenging cases and what options you have to determine the verdict.

We discuss tools for binary diffing and certificate analysis.

Download links for the tools we need in the lab.

Scenario: A known software publisher provides a download hash for their file. There are two download locations and for one of them the file hash is different. Is this a case of a maliciously patched software? How do we find the difference between those files?

How do we identify certificate manipulation in files?

The basics of certificate structure in PE files and which areas of the file are used to calculate the authentihash.

What is strict signature verification and how can we enable it to combat CVE-2013-3900?

Detection names of antivirus software have key words that indicate certain verdicts. What are these key words and what do they mean?

Introduction to writing analysis reports. We look at two types of reports: responding to an antivirus submission and a technical analysis blog article. What components should be added to such reports?

How we classify malware into types, families, variants, ...

What is a malware type and which types describe malware propagation? What is a trojan and why is it not a good term to be used for malware types?

Which types describe payload behavior? How do we determine the malware type if several types fit? What misunderstandings are there about certain malware types?

How can we identify a malware family? What information resources and strategies help us to do that?

Tools and links for the lab

We analyse the main code of a .NET malware and determine the malware type.

The next malware stage is hidden in an image. We use exiftool to extract the hidden and still encrypted data. Meanwhile we take notes for our analysis report.

We use CyberChef to decrypt the final stage and we finalize our report.

We use Obsidian, a free markdown editor, to put the analysis notes into a format that is directly useable for blog articles. I provide some tips on blog article writing, e.g., how to prevent your blog from being detected by antivirus software but still showcase malware code from your analysis.

What is Ghidra? What do we learn in this section?

The download location for Ghidra

How to install Ghidra on your VM

Creating new projects, importing files, autoanalysis of files in Ghidra

Ghidra windows and they are for: Listing window, decompiler, function graph. program trees

Also: Adjusting the layout of windows and components, basic navigation, different comment types, renaming variables and functions, fragments

Ghidra windows and they are for: Symbol tree, data type manager, console scripting, defined strings, function call graph

Also: Imports, exports, namespaces, functions, classes, entry point

A short introduction to this section.

Traffic lights

Read about what's good
what should give you pause
and possible dealbreakers
Covers a range of skills beyond reverse engineering, such as malware classification, family identification, and file verdict determination, which are essential for practical analysis
Focuses on building strong foundations rather than providing shortcuts, which is beneficial for long-term growth and adaptability in the face of evolving malware techniques
Uses free tools like Ghidra, x64dbg, and VirtualBox, making it accessible to learners without requiring expensive software licenses or subscriptions
Requires a strong understanding of at least one programming language and the ability to read x86 assembly, which may be a barrier for individuals without prior programming experience
Includes hands-on labs for setting up a safe analysis environment using VirtualBox, which is crucial for protecting the host system from potential malware infections
Teaches disinfection basics, including identifying and removing malicious autostart entries, which is a practical skill for cleaning infected systems

Save this course

Create your own learning path. Save this course to your list so you can find it easily later.
Save

Reviews summary

Beginner windows malware analysis foundation

According to students, this course provides a strong foundation in Windows malware analysis for beginners with the required technical background. Learners praise the clear explanations and the practical, hands-on labs using free tools like Ghidra and x64dbg. Many find the course well-structured and appreciate the instructor's expertise and focus on building core skills rather than just providing recipes. Some reviewers noted the importance of meeting the prerequisites, particularly the ability to read x86 assembly, as those without it may find certain sections challenging. Overall, it is considered a highly valuable starting point in the field.
Meeting prerequisites is crucial for success.
"As stated, a programming background is really necessary to keep up."
"The ability to read assembly is definitely needed for certain sections, otherwise it's a struggle."
"Make sure you meet the prerequisites, especially the assembly part."
"If you don't have the recommended background, you will need to do extra study alongside."
Content remains relevant based on recent reviews.
"Even recent reviews indicate the course content is still highly relevant to today's threats."
"The principles taught are foundational and don't seem to go out of date quickly."
Covers essential free tools effectively.
"Loved learning how to use Ghidra and x64dbg through the practical examples."
"The guidance on using tools like Sysinternals and VirusTotal was spot on."
"Good coverage of necessary free tools for analysis."
Instructor is knowledgeable and experienced.
"The instructor clearly knows their stuff and shares valuable insights from experience."
"You can tell the instructor is an experienced professional in the field."
"The instructor's real-world examples were very helpful."
Course builds essential fundamental skills.
"This course gives you a really solid foundation in malware analysis."
"It doesn't just give you recipes, it helps you understand the 'why'."
"I feel much more confident approaching malware analysis after this course."
"Excellent course to build the necessary fundamental knowledge."
The instructor provides clear and concise explanations.
"The course explanations are very clear, making complex topics understandable."
"I really appreciated the way the instructor explained each concept."
"Everything was explained step-by-step, which was very helpful for a beginner like me."
"The explanations were easy to follow and well-articulated."
Hands-on labs reinforce learning and practical skills.
"The hands-on labs were excellent and really solidified the concepts."
"Doing the labs helped me apply the theory to real-world scenarios."
"I particularly enjoyed the practical exercises with the tools."
"The labs were well-designed and essential for learning."
Some find the pace of the course challenging.
"Sometimes the pace felt a bit fast, requiring pauses and rewatches."
"Needed to frequently pause and re-read materials to keep up with the pace."
"The amount of information covered is huge, so it moves quite quickly at times."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Windows Malware Analysis for Hedgehogs - Beginner Training with these activities:
Review x86 Assembly Fundamentals
Solidify your understanding of x86 assembly language to better comprehend reverse engineering concepts covered in the course.
Show steps
  • Study x86 assembly instructions and syntax.
  • Practice reading and interpreting simple assembly code snippets.
  • Trace the execution flow of basic assembly programs.
Practice C/C++ Programming
Sharpen your C/C++ programming skills to better understand the structure and logic of malware code.
Browse courses on C++ Programming
Show steps
  • Write small programs that manipulate memory and data structures.
  • Debug C/C++ code using a debugger like GDB or Visual Studio.
  • Implement common algorithms and data structures in C/C++.
Read 'Practical Malware Analysis'
Supplement your learning with a comprehensive guide to malware analysis techniques.
View Practical Malware Analysis: The Hands-On Guide... on Amazon
Show steps
  • Read chapters related to static and dynamic analysis.
  • Complete the exercises provided in the book.
  • Compare your findings with the solutions provided.
Four other activities
Expand to see all activities and additional details
Show all seven activities
Analyze Sample Files on VirusTotal
Practice using VirusTotal to quickly assess the characteristics and potential threats associated with various files.
Show steps
  • Download sample files from trusted sources like KernelMode.info or theZoo.
  • Upload the files to VirusTotal and analyze the results.
  • Interpret the detection ratios and vendor results.
  • Examine the file's metadata and behavior reports.
Follow Ghidra Reverse Engineering Tutorials
Enhance your reverse engineering skills by working through practical tutorials using Ghidra.
Show steps
  • Find Ghidra tutorials on YouTube or security blogs.
  • Follow the tutorials step-by-step, analyzing the provided samples.
  • Experiment with different Ghidra features and techniques.
  • Try to apply what you learned to analyze new malware samples.
Write a Malware Analysis Report
Solidify your understanding by documenting the analysis process and findings for a specific malware sample.
Show steps
  • Select a malware sample from a repository like theZoo.
  • Perform static and dynamic analysis on the sample.
  • Document your findings in a structured report.
  • Include details about the file's behavior, indicators of compromise, and potential impact.
Read 'The Art of Memory Forensics'
Expand your knowledge of advanced malware analysis techniques with a focus on memory forensics.
View The Art of Memory Forensics: Detecting Malware... on Amazon
Show steps
  • Read chapters related to memory analysis techniques.
  • Practice extracting and analyzing memory dumps.
  • Identify potential malware artifacts in memory.

Career center

Learners who complete Windows Malware Analysis for Hedgehogs - Beginner Training will develop knowledge and skills that may be useful to these careers:
Malware Analyst
A malware analyst examines and dissects malicious software to understand its functionality, origin, and potential impact. This course helps build a foundation for classifying malware types, identifying families, and determining file verdicts, all crucial skills for a malware analyst. The course's focus on dispelling common myths and building strong foundations, rather than providing shortcuts, makes it valuable for long-term proficiency in this field. Learning to differentiate file types and efficiently analyze samples will contribute to success as a malware analyst.
See salaries and explore the career path for Malware Analyst
Threat Intelligence Analyst
A threat intelligence analyst researches and analyzes cyber threats to provide actionable intelligence to organizations. As a threat intelligence analyst, this course will help build a strong base in malware analysis, which is crucial for understanding the behavior and characteristics of various threats. Through the course, you will learn to classify malware types, identify malware families, and analyze how malware persists on systems. The insights gained may be useful in developing effective threat detection and prevention strategies.
See salaries and explore the career path for Threat Intelligence Analyst
Incident Responder
Incident responders handle security breaches and cyberattacks, working to contain the damage and restore systems to normal operation. This course can help an incident responder by giving them tools to analyze malware found during incident response. You will learn how to classify malware types, identify malware families, and determine file verdicts. Understanding how malware persists and how to clean infected systems, as taught in the course, are valuable during incident response.
See salaries and explore the career path for Incident Responder
Security Engineer
Security engineers design, implement, and manage security systems and protocols. This course is useful for security engineers since it provides knowledge of malware analysis, which will give them an understanding of potential attack vectors. You will learn how to classify malware types and identify malware families. Knowing how malware persists, how to identify malicious autostart entries, and how to disinfect infected systems, as taught in the course, may be useful for security engineers.
See salaries and explore the career path for Security Engineer
Vulnerability Analyst
Vulnerability analysts identify weaknesses in systems and software that could be exploited by attackers. This course may be useful for vulnerability analysts since it teaches how to reverse engineer and analyze potentially malicious samples. The course teaches you about Windows internals, packer types, and analysis of .NET executables, which are useful in vulnerability analysis. Expertise in tools like Ghidra and x64dbg, taught in this course, can help one be a successful vulnerability analyst.
See salaries and explore the career path for Vulnerability Analyst
Application Security Engineer
Application security engineers focus on securing software applications throughout the development lifecycle. This course helps application security engineers since it teaches how to analyze malware that targets applications. The course teaches you how to identify malware families and determine file verdicts, which can help you understand how malware might exploit vulnerabilities in applications. Learning about different file types, installers, and wrappers, as covered in the course, can safeguard application development.
See salaries and explore the career path for Application Security Engineer
Digital Forensics Analyst
Digital forensics analysts investigate cybercrimes and security incidents, collecting and analyzing digital evidence. This course may be useful for digital forensics analysts because the course teaches how to analyze malware, which may be useful for identifying attack vectors. The course's insights into malware persistence mechanisms and disinfection techniques equip you to handle malware-related incidents effectively. The course's training with tools such as SysInternals Suite may be helpful for a digital forensics analyst.
See salaries and explore the career path for Digital Forensics Analyst
Security Researcher
Security researchers investigate vulnerabilities and threats within systems and software. This course may be useful for security researchers since it teaches how to triage and reverse engineer potentially malicious samples. With the course, you can determine if a file is malicious, clean, or potentially unwanted. The course helps one learn how to identify malware families, and the course teaches the use of disassemblers, debuggers, and metadata viewers. The skills that the course covers, such as identifying packer types and analyzing .NET executables, are also useful for a security researcher.
See salaries and explore the career path for Security Researcher
Cybersecurity Consultant
A cybersecurity consultant advises organizations on how to protect their systems and data from cyber threats. This course may be useful for cybersecurity consultants since it provides knowledge of malware analysis, helping consultants understand potential threats and vulnerabilities. The course teaches how malware persists, how to identify malicious autostart entries, and how to clean infected systems, providing hands-on knowledge for assessing and mitigating risks. Familiarity with tools like Ghidra and x64dbg, taught in the course, may be useful in cybersecurity consulting.
See salaries and explore the career path for Cybersecurity Consultant
Information Security Analyst
Information security analysts protect an organization's data and systems from unauthorized access and cyber threats. This course may be useful for them, as it will give them the ability to analyze malware and understand how it works. With this course, you will learn how to classify malware types, identify malware families, and determine file verdicts. The course teaches you how to identify malicious autostart entries, and how to disinfect infected systems, which are useful skills for an information security analyst.
See salaries and explore the career path for Information Security Analyst
Security Operations Center Analyst
Security operations center analysts monitor security systems, detect and respond to security incidents, and analyze potential threats. This course may be useful for Security Operations Center Analysts, because this course teaches how to analyze malware. The course may help one determine if a file is malicious, clean, potentially unwanted, grayware, corrupt, or junk. Learning how to write malware reports, identify malware families, and analyze native and .NET executables may be useful for a Security Operations Center Analyst.
See salaries and explore the career path for Security Operations Center Analyst
Reverse Engineer
Reverse engineers analyze software to understand its inner workings, often without access to the source code. This course may be useful for reverse engineers, as it focuses on reverse engineering malicious samples. The course gives you the ability to triage and reverse engineer samples, and you will determine if a file is malicious. The course teaches you about Windows internals necessary for reverse engineering. The knowledge of assembly and the different file types will help you become a successful reverse engineer.
See salaries and explore the career path for Reverse Engineer
Penetration Tester
Penetration testers simulate cyberattacks to identify vulnerabilities in systems and networks. Penetration testers may find this course useful, as it offers insights into malware analysis techniques. The course may help one understand how malware operates. Learning about malware persistence mechanisms and techniques for analyzing different file types, as taught in the course, can broaden a penetration tester's skill set. Familiarity with tools like Ghidra and x64dbg may be useful during penetration testing.
See salaries and explore the career path for Penetration Tester
Security Architect
Security architects design and oversee the implementation of security systems and infrastructure. The course may be useful for Security Architects since it teaches about malware and its impact. The course helps build a foundation for classifying malware, and identifying families and file verdicts. The training on identifying persistence mechanisms and cleaning infected systems may allow security architects to use the acquired knowledge to design robust and resilient systems.
See salaries and explore the career path for Security Architect
Software Developer
Software developers design, write, and test code for software applications. Although seemingly unrelated, this course may be useful for software developers because understanding malware analysis can help them write more secure code. The course teaches how to classify malware types and identify malware families, increasing awareness of potential security threats. Knowledge of file types, installers, and wrappers, as covered in the course, can result in more robust and secure software development practices.
See salaries and explore the career path for Software Developer

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Windows Malware Analysis for Hedgehogs - Beginner Training.
Cover image
Practical Malware Analysis
Save
Comprehensive guide to malware analysis techniques. It covers static and dynamic analysis, debugging, and reverse engineering. It is commonly used as a textbook in academic institutions and by industry professionals. This book provides a strong foundation for the concepts taught in the course and offers practical examples and exercises.
Practical Malware Analysis: The Hands-On Guide to...
Paperback
$$
Practical Malware Analysis: The Hands-On Guide to...
Kindle Edition
$$
Cover image
The Art of Memory Forensics
Save
Delves into the techniques of memory forensics, which is crucial for advanced malware analysis. It covers how to extract and analyze memory dumps to identify hidden malware and rootkits. While not directly covered in the beginner course, understanding memory forensics provides a deeper understanding of how malware operates and hides itself. This book is more valuable as additional reading to expand on the course material.
The Art of Memory Forensics: Detecting Malware and...
Paperback
$$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Course image
Rating
4.8 Filled star Filled star Filled star Filled star Half star
Effort
12 total hours
Via
Udemy
Instructor
Karsten Hahn
Language
English
Traffic lights
Read about what's good
what should give you pause
and possible dealbreakers
Covers a range of skills beyond reverse engineering, such as malware classification, family identification, and file verdict determination, which are essential for practical analysis
Focuses on building strong foundations rather than providing shortcuts, which is beneficial for long-term growth and adaptability in the face of evolving malware techniques
Uses free tools like Ghidra, x64dbg, and VirtualBox, making it accessible to learners without requiring expensive software licenses or subscriptions
Requires a strong understanding of at least one programming language and the ability to read x86 assembly, which may be a barrier for individuals without prior programming experience
Includes hands-on labs for setting up a safe analysis environment using VirtualBox, which is crucial for protecting the host system from potential malware infections
Teaches disinfection basics, including identifying and removing malicious autostart entries, which is a practical skill for cleaning infected systems
Share this
Share to help others discover this course.
Facebook LinkedIn X Reddit Link Email
Begin learning today
Enroll now to gain full access to Windows Malware Analysis for Hedgehogs - Beginner Training.
Enroll now
Save for later
Add this course to your list. Find it anytime.
Save
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser