Malware Discovery Course (2-Days) Learn how to malware and threat hunt

Should I take this class?

Are you an IT, SOC analyst, or wanting to learn some new incident response skills? Maybe you are already an incident responder and wanting to up your skills, learn some new techniques, or just see how others do it. Maybe you want to learn these skills to be a better threat hunter. Whatever the reasons, this class is for people wanting to up or refine their skills in malware and threat hunting.

What should I know?

To take this course you will need to have a firm understanding of how to open an administrator Windows CMD prompt or admin PowerShell session. Some familiarity with variables and windows commands as well, or the equivalent in PowerShell, though PowerShell cmdlets will not be covered, many commands will work in both shells just fine. In this course you will need to navigate directories and type commands and execute batch files. Some resources to read up on how to use the command line.

• https://www.freecodecamp.org/news/command-line-commands-cli-tutorial/

• https://www.freecodecamp.org/news/how-to-use-the-cli-beginner-guide/

• https://www.makeuseof.com/tag/a-beginners-guide-to-the-windows-command-line/

Overview:

Malware Discovery is an essential skill for today’s Infosec and IT professionals.  Many malware courses start you off with an infected system or samples and how to deep analyze or even reverse engineer the malware.

This course focuses on how to discover if a system has malware and then how to do basic analysis and build a simple lab to do testing in.  We will look at what tools you need, the techniques and steps to discover malware so you can determine if a system is clean or truly infected.  The idea is to do discovery and analysis quickly and move on so we can get back to work. Also, why malware discovery is important in the real world and how we can use it to improve our defenses or identify gaps.

This course is intended for everyday commodity malware that you might get in email or surfing to advanced malware the Chinese use against a large industry.  The focus will be on Windows systems; but will touch on some tools for Apple and Linux systems as well.

Requirements:

1. Laptop running Windows 10 or 11 (you will need to re-image it)

• You can also use a Windows VM (VirtualBox, VMWare, Hyper-V, Parallels, etc.)

• Microsoft Office (Excel will be used)

• PDF Reader

• 7zip or winzip

• Notepad++

2. A list of tools will be provided on a thumb drive the day of the training

3. Malware samples will also be provided

4.NO ANTI-VIRUS or EDR software can run or the labs will likely not work - Disable them before the class

5. You MUST be and Administrator to run the tools for the course