Ihr Partner für IT-Infrastruktur- und Securityschulungen seit über 20 Jahren.

Analysis of Malware by Reverse Engineering

29. Aug 2023
30. Aug 2023
2690,00 EUR (zzgl. MwSt.)
Diesen Kurs buchen
Freie Plätze:
10 von 10



A new two day workshop in English.

Analysis of Malware by Reverse Engineering

Your trainer is Dr. Baptiste David.


The workshop is in English. As the speaker´s mother tongue is French, in-company trainings can also be held in the French language.


Course Description

This training is about the analysis of malware by reverse-engineering. When automatic analysis tools can no longer work as expected (malware escaping their analysis environment, unknown threat, need to answer specific questions...), it becomes necessary to analyze the malware manually. Therefore, we offer an initiation training for malware analysis going from a novice level to an initiated one. For the sake of understanding, malware analysis is done at pseudo code level with a Windows-API focus approach.

The first part of the course focuses on the technical and conceptual presentation of the different forms of malware threats, from historical viruses to the most recent and modern ones. The purpose of this part is to cover the different technologies used by malware to propagate or execute itself as well as to cover their malicious nature through numerous examples. This approach aims to better understand the threat to analyze it more efficiently.

The second part of the course focuses on the practical application of the previously learned concepts presented through a series of practical exercises and it ends with an operational real case study. For this purpose, analyze will be driven by practicing reverse engineering at a pseudo-code level, close to C/C++ programming. The goal is to be able to understand simple malware in an efficient way and to be able to identify some malware threat intelligence elements. In the end of the training, an unpublished and special crafted for this training malware will be provided to the participant.

Note that the content of this training is mainly focused on the Windows operating system (since a large part of the threat is there) but it also presents threats in the Linux environment. In fact, the most important is to understand the algorithms used by malware and how to find them via reverse engineering before focusing on the specifics of a given technique or an operating system.

In the end, all participants will have a better understanding of what is possible and of what is not possible in the field of malware, through a didactic and practical introduction to reverse engineering, based on relatively simple but particularly representative examples. The participants will have the opportunity to expand their knowledge of malware and associated threats by observing technical details from more than ten different types of malwares over two intensive days.


Training Plan

Day 1

Introduction to malware:

  • Basic concept definition: program, virus, worm, malware, antivirus software…
  • Technical refresher on the operating system
    • Microsoft & Posix API
    • Useful API: File, Network, Crypto, Process…
  • Computer virus Fundamentals
    • Life cycles of a virus
    • Different kinds of virus
  • Malware and technical description illustrated with real cases
    • Trojan / RAT
    • Spyware / Adware
    • Worms / Bots
    • Rootkits
    • Keyloggers
    • Ransomware / Wiper
  • Other technologies used by malware
    • Polymorphism and packer software
    • Fileless Malware & reinfection
    • Script malware (VBScript, PowerShell, other)
  • Presentation of a secure analysis environment for malware
    • Introduction to sandboxing environment
    • Tooling for malware analysis
  • Conclusion & practice
    • IDA: analysis of simple samples


Day 2

Exercises and practice:

  • Exercises with malware samples:
    • WannaCry: Ransomware (2017) by exploiting a vulnerability (EternalBlue) leaked from the NSA
    • NotPetya: Ransomware/Wiper (2017) infected hundreds of thousands computer in the world by reusing the EternalBlue vulnerability
    • German Parliament: RAT (2015) targeting German institution that might be of Russian origin
  • Workshop:
    • Full analysis of an unknown malware (for half a day)
      • Analysis of an unknown malware specifically written for this training and based on real cases
      • Network, system interaction and propagation analysis (malware analysis tooling)
      • Introduction to possible remediation




All HM Training Solutions seminars are available as on-site presentations tailored to meet the specific requirements of your organisation.

For more information please call +49 (60 22) 508200.


Why should you participate?

The training aims to allow you to answer the following questions in a qualified manner:

  • What are the different kinds of malware and how to recognize them (ransomware/trojan/keylogger/rootkit/bot) with reverse engineering?
  • What are the strategies used by malware authors and how to identify then in malware?
  • What are the different technical means used by malware to perform malicious actions?
  • How did some famous malware work?
  • How do we manage a real malware in an operational context?



Required Knowledge: In this training, the knowledge required for a good understanding of the concepts exposed is low. A good knowledge of programming as well as the basics of Unix and Windows operating systems are sufficient. Some rudiments or basic practice in reverse engineering would be a definite plus - but not a must.

Required Hardware:

  • Own laptop
  • We provide the possibility to connect to the virtual test environment via RDP
  • The connection is established via Wifi or Ethernet cable


Intended audience:

With this training, the following participant are addressed in particular:

  • Analysts in CERT/CSIRT/SOC
  • Junior malware analysts
  • Threat intelligence analysts
  • Cyber security engineer

More generally, this training is designed for anyone wishing to have a rigorous and efficient methodological approach, including an intensive experience to practice of reverse engineering at pseudo-code level on malware. It can be an introduction to the world of malware for beginners or an intensive update for more experienced participants.


Trainer Biography:

Dr. Baptiste David is an IT security specialist at ERNW, specialized in Windows operating system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operating system platform, kernel development and vulnerabilities research. He has given special courses and trainings in different universities in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…


Bibliographic references:

[1] Eric Filiol, Les virus informatiques : théorie, pratique et applications, 2nd ed., Springer Verlag France, 14/05/2009, 978-2287981999.

[2] Pavel Yosifovich & al., Windows Internals, Part 1, ‎ Microsoft Press, 03/05/2017, 978-0735684188.

[3] Andrea Allievi & al., Windows Internals, Part 2, ‎ Microsoft Press, 01/10/2021, 978-0135462409.

[4] Michael Sikorski and Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software Paperback, No Starch Press, 01/03/2012, 978-1593272906.

[5] Chris Eagle, The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler, 2nd ed., No Starch Press, 14/07/2011, 978-1593272890.



Dateien zum herunterladen

Diesen Kurs buchen: Analysis of Malware by Reverse Engineering

Wenn Sie bereits registriert sind, bitte hier direkt einloggen




weitere Teilnehmer


* notwendige Angaben


Folgende Trainings finden vom 26.-27. Juni 23 in Heidelberg in englischer Sprache statt

The following training will take place during your IT Security Conference "TROOPERS23:


Hacking 101

 René Mathes, Marcel Sinn & Robert Giebel

Analysis of Malware by Reverse Engineering

 Dr. Baptiste David

Hardening Microsoft Environments

 Friedwart Kuhn, Heinrich Wiederkehr & Lennart Brauns

Incident Analysis

 Florian Bausch, Justus Hoffmann & Dr. Matthias Hamann

Hacking Mobile Apps

 Ahmad Abolhadid

K8s Security 101

 Florian Bausch & Sebastian Funke

IoT Hacking 101

 Frieder Steinmetz & Dennis Heinze



+49 6022 508-200
E-mail: info@hm-ts.de

HM Training Solutions
Falkenstraße 6
63820 Elsenfeld


Wenn Sie unsere Newsletter erhalten möchten, tragen Sie hier Ihren Daten ein.
Ich akzeptiere die Allgemeinen Geschäftsbedingungen und die Datenschutzerklärung