Exclusive for TrainSec students, 20% discount:
20% off for Malware Analyst Professional students.
With features like MemProcFS for analyzing memory dumps, CDR for sanitizing files, and CSI tools for digital forensics, Threat.Zone provides a powerful environment for malware analysis and security investigations.
This course lays the groundwork for mastering malware analysis. Gain essential skills, earn certification, and launch your cybersecurity career with confidence!
Hands-On Experience
Gain practical experience through hands-on labs and real-world case studies, allowing you to apply theoretical knowledge to practical scenarios. Develop the confidence and proficiency to analyze and combat various types of malware effectively.
Acquire the specialized skills and knowledge needed to excel in the dynamic field of cybersecurity. Our comprehensive curriculum covers the latest malware analysis techniques, ensuring you stay ahead of the curve in this rapidly evolving industry.
Enjoy lifetime access to course materials, updates, and resources, ensuring you stay current with the latest trends and developments in malware analysis. Continue to refine your skills and knowledge long after completing the course.
Upon successful completion of the course, you'll receive a prestigious certification that is widely recognized and respected by employers worldwide. Stand out from the crowd and showcase your expertise as a certified malware analyst professional.
Open doors to exciting career opportunities in cybersecurity with our malware analyst professional certification. Whether you're looking to advance in your current role or transition to a new career path, our training program equips you with the skills and credentials needed to succeed.
Connect with industry professionals and fellow students through our exclusive online community. Share insights, collaborate on projects, and expand your professional network to enhance your career prospects.
Receive personalized support from our team of experienced instructors who are dedicated to your success. Get answers to your questions, guidance on challenging concepts, and tailored feedback to help you excel in your studies.
Security researcher, consultant, and the author of the Antivirus Bypass Techniques book who lives both on the offensive and defensive fronts. Passionate about malware research and red teaming while providing real-world security solutions. Contributing through creating content on YouTube, writing blogs, leading various courses, and mentoring people on the offensive and defensive fronts.
Only course students get
Learn practical techniques and tactics to combat, bypass, and evade antivirus software
Enroll in this course and receive a 30% discount on the best-seller Antivirus Bypass Techniques book.
Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.
“I want to recommend Uriel Kosayev as a quality professional security researcher and lecturer who knows how to guide his students, give the right word, and push them to success. I had the pleasure of being his student.”
Threat Researcher and Orion Malware Research Team Leader at Cynet
“The one and only master, thank you! Your knowledge and your passion for Cyber make you a great teacher!!!”
“Uriel is a great lecturer and person not only because of his knowledge in security research, offensive security, and Malware Analysis but also because of the passion that he provided me as a student to keep asking questions and research by myself. Uriel empowers his students with the theory behind the scenes, practical tools to handle complex problems, and the ability to empower the people who learned and work with us.”
“I want to say that Uriel Kosayev is one of the best researchers in the industry, with a lot of experience in the field of investigations and reverse engineering. I learned a lot from him. In addition, he has one of the best books on the market that teaches anti-virus bypass methods. I recommend everyone to acquire knowledge from Uriel!”
“Uriel is one of the best Cybersecurity trainers among all the people I have ever met. A rare combination of professionalism and high-quality delivery, with excellent and creative ways he delivers the material. On top of that, if you will ever be a student in his class, I can guarantee you that he will explain to you till you finally understand the learned material. A great lecturer and mentor!”
“I highly recommend Uriel as a Cybersecurity Specialist. I had the privilege of participating in his training session – it was an exceptional experience! Uriel delivered practical insights that significantly enhanced my and my Team's knowledge and skills in the field. The training was well-structured, engaging, and tailored to the latest industry trends. I am grateful for the opportunity to learn from Uriel and would eagerly participate in any future training sessions organized by him.”
Red Team Security Researcher @ Accenture | Penetration Tester
“I took the Certified Malware Analyst Professional. Uriel is a great instructor, goes into the fine details of subjects, and answers questions with attention. I recommend the course for anyone looking to get into malware reverse engineering and perform malware analysis of samples. The skills obtained have helped with studying different Windows mechanisms as well as developing custom malware.”
“Uriel is the best cyber instructor I have ever met.
He has a very interesting way of communicating and teaching his knowledge.
Besides, his Antivirus Bypass Techniques book, which was written by him, is a POWERFUL book with tons of knowledge that helped to set me ahead in my career.
It has been a pleasure being your student, Uriel.”
Basic understanding of networking: TCP/IP, Routing, Forwarding
Reading and understanding code
Basic understanding of Windows Server and Linux Shell commands
Basic understanding of well-known protocols such as HTTP/HTTPS, DNS, SMTP, FTP, SSH
PC/Mac with Intel i5/i7/i9 CPU, 16GB of RAM and SSD storage
VMware Workstation/Fusion installed
Before diving into samples, you’ll build a safe playground. This opening module first clarifies what malware analysis is and how analysts balance static and dynamic techniques. Then you create the tools and perimeter you’ll rely on for the rest of the course: a Windows guest hardened with Flare-VM and INetSim. By the end, you have a throw-away, isolated environment where malicious binaries can run freely while their every move is recorded, your essential springboard for all future labs.
Malware rarely ships with source code, yet knowing what typical C constructs look like in a disassembler is the analyst’s first superpower. In this module, you install a properly tooled Visual Studio, review the compile-link-load-runtime pipeline, and write a simple program while playing with some compiler options to see how each flag reshapes the PE file. Then you flip perspectives: load the freshly built binary into IDA/Ghidra, trace its functions, and correlate assembly patterns back to their C origins. By the end, you’ll grasp how everyday coding choices surface in machine code, knowledge that lets you recognise, label, and reason about unknown malware far faster in later modules.
Every Windows binary, benign or malicious, travels as a Portable Executable. This module equips you to read that blueprint like a map. You’ll learn the hierarchy of headers that the OS loader trusts, follow RVAs to real bytes on disk, and inspect the import, export, and other intricate parts of the PE file format that reveal a program’s intentions. Finally, you’ll contrast EXE and DLL flavours so you can spot masquerading tricks attackers love. With this knowledge, any sample you meet later in the course will feel less like a black box and more like a well-labelled puzzle you already know how to solve.
Speed is everything when a suspicious file lands on your desk. This module teaches you to confirm maliciousness and extract intelligence within minutes, before you ever press Run. You’ll translate AV labels, separate quick-burn IoCs from behaviour-rich IoAs, fingerprint samples by type, hash, and embedded strings, and pierce common packers to reveal true payloads. Then you will practise turning authoritative docs and API references into instant insight and apply the full workflow to a live FlawedAmmyy RAT: unpack it, map its C2 logic, flag persistence tricks, and save your progress in IDA for future use. After this module, you’ll wield a repeatable static-analysis playbook that delivers actionable results fast and sets you up for deeper dynamic or reversing tasks ahead.
Static clues only go so far; eventually, you must watch malware run. In this module, you build a layered toolkit (Process Explorer, Process Hacker, Procmon, API Logger, CMD Watcher, and IDA debugger) to capture every file write, registry tweak, API call, and decrypted string in real time. You will rehearse on generic samples, then tackle the FlawedAmmyy RAT end-to-end: correlate PCAP traffic with sandbox telemetry, single-step through its remote-control routines, and harvest IoCs straight into custom YARA signatures. By the end, you’ll wield a repeatable dynamic-analysis workflow that turns chaotic runtime behaviour into precise, automatable detections.
Email-borne documents are still the easiest way into an enterprise, so an analyst must tear them apart quickly and safely. In this module, you first learn the anatomy of PDFs (objects, actions, and embedded JavaScript), then tackle a historic yet instructive Adobe Reader exploit, carving out the payload byte-by-byte. Shifting to Office files, you explore VBA macros, enumerate suspicious modules, and trace obfuscated code that injects shellcode straight into memory. By the end, you’ll wield a toolkit and workflow for spotting, extracting, and neutralising malicious document payloads long before a victim can click “Enable Content.”
Here you can download all the relevant samples so you can reproduce the analysis steps together with me.
From Foundations to Advanced Expertise in Malware Analysis and Reverse Engineering
The Malware Analyst Professional course is a complete training program divided into two parts: Level 1 and Level 2, designed to take you from beginner to advanced expertise in malware analysis and reverse engineering. Starting with Level 1 is crucial, as it provides the foundational knowledge, tools, and techniques to analyze simple malware effectively. Level 2 builds on this base, diving into advanced topics such as code injection, unpacking packed malware, analyzing shellcode, and overcoming self-defending malware. Together, these parts offer a seamless and comprehensive learning experience, preparing you to confidently tackle real-world malware threats.