The RSA Malware Analysis course provides security analysts with tools and techniques for analyzing malware and extracting indicators of compromise.
The RSA Malware Analysis classroom-based learning provides students with the knowledge and skills to identify and act on actionable intelligence gathered through the process of malware analysis. Students are introduced to the threat landscape and common malware vectors. They learn to select and apply the tools and techniques required to reverse, monitor, and detect a malware threat. Students develop a workflow to gather intelligence and apply it to their security environment.
Security analysts, computer forensic investigators, and incident responders who have basic knowledge of malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence.
Familiarity with computer architecture principles, operating system theory, networking principles (including protocols and communication channels), and fundamental principles of computer security. Experience with programming and scripting concepts is also required. Knowledge of Python is beneficial.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
- RSA Incident Handling and Response
- RSA NetWitness Endpoint Fundamentals or RSA NetWitness Endpoint Foundations
Upon successful completion of this course, participants should be able to:
- Describe the RSA Cyber Defense recommended workflow for reverse engineering current malware threats.
- Assess the presence of malware on a system.
- Examine behavior of malware and its interaction with its environment using dynamic analysis tools and techniques.
- Analyze command and control (C2) communication methods to establish the intention and functionality of the malware.
- Deduce the program instructions of a malware executable through the use of static analysis tools.
- Combine static and dynamic analysis methods to investigate more complex features of malware using disassembly and debugging tools.
- Collect and report actionable intelligence gained from reverse engineering malware.
- Recommend changes to a security program based upon actionable intelligence.
Industry tools used in this course include: