Take your malware analysis skills to the next level with Malware Analyst Professional Level 2! Led by Uriel Kosayev, founder of TrainSec Academy, this course dives into advanced malware dissection, attacker methods, and reverse engineering tools like IDA Pro and x64dbg. Covering x86 architecture, Windows API analysis, code injection, packed malware, and shellcode, it equips you to excel as a professional malware analyst.
About the trainer
Author of the Antivirus Bypass Techniques book
Security researcher, consultant, and author of the Antivirus Bypass Techniques book, working on both the offensive and defensive fronts. Passionate about malware research and red teaming while providing real-world security solutions. Contributes by creating content on YouTube, writing blogs, leading various courses, and mentoring people on both the offensive and defensive sides.
Only course students get
Learn practical techniques and tactics to combat, bypass, and evade antivirus software
Enroll in this course and receive a 30% discount on the best-seller Antivirus Bypass Techniques book.
Antivirus software is built to detect, prevent, and remove malware from systems, but this does not make the antivirus solution itself secure: certain changes can trick the antivirus and put users at risk. This book will help you gain a basic understanding of how antivirus software works and take you through a series of techniques that can be used to bypass antivirus solutions.
Take your malware analysis skills to the next level with Malware Analyst Professional Level 2, the ultimate course for mastering advanced malware dissection and reverse engineering. Building on the foundational knowledge from Level 1, this program, led by Uriel Kosayev—founder of TrainSec Academy and an expert malware researcher—dives deep into the techniques and tools used to analyze and counter sophisticated cyber threats.
The course begins by solidifying your understanding of reverse engineering, exploring x86 architecture, assembly language, memory layouts, and debugging techniques using tools like IDA Pro and x64dbg. You’ll gain practical insights into analyzing Windows API functions, understanding their role in malware behavior, and utilizing resources like MSDN documentation for in-depth analysis.
Delving into offensive tactics, the course covers code injection techniques, including CreateRemoteThread and process hollowing, providing hands-on examples of how malware manipulates processes. You’ll also explore the self-defense mechanisms of malware, such as anti-debugging, anti-virtual machine detection, and anti-antivirus strategies, learning to identify and overcome these countermeasures.
A key focus is unpacking packed malware, where you’ll practice manually unpacking real-world examples like the WannaCry ransomware and packers like UPX, PECompact, and ASPack. Finally, you’ll master shellcode analysis, dissecting and reverse engineering malicious payloads to uncover their functionality and impact.
By the end of this comprehensive program, you’ll have the expertise to dissect complex malware, understand attacker methodologies, and use industry-standard tools effectively. This course is your gateway to becoming a highly skilled malware analyst, ready to tackle the most challenging cybersecurity threats.
This section lays the foundation for reverse engineering in the context of malware analysis. It begins with a course overview by Uriel Kosayev, detailing the advanced topics to be covered. The lessons then introduce reverse engineering as the process of uncovering the inner workings of software, using tools such as disassemblers, decompilers, and debuggers. Core concepts of x86 architecture, including CPU components, memory layouts, and the interaction between RAM, the CPU, and registers, are explained in detail. Further, the section delves into assembly language operations like PUSH, POP, and control flow instructions, emphasizing their importance in analyzing malicious binaries. The final lesson explores bitwise operations (AND, OR, NOT, XOR) and their applications, providing practical examples to enhance understanding. By the end of this section, students acquire a solid technical foundation for diving deeper into malware reverse engineering.
This section explores the critical role of Windows API functions in malware analysis and reverse engineering. It begins with an introduction to how these functions serve as a bridge between software and the operating system, enabling processes to interact with system resources. Students learn to configure debug symbols to enhance the debugging experience and navigate MSDN documentation to understand API functions effectively. Advanced lessons delve into analyzing API calls, identifying their purpose, and using tools like IDA Pro and x64dbg to trace their execution. By the end of this section, students gain a comprehensive understanding of Windows APIs and their significance in dissecting malware functionality.
This section dives into the techniques and mechanisms of code injection, a common tactic used by malware to manipulate processes. It starts with an introduction to the concept of code injection and its relevance in cybersecurity. Lessons cover the classification of various injection methods, including their characteristics and use cases. The section provides an in-depth exploration of process injection techniques, such as CreateRemoteThread, which allows injecting code into remote processes, and Process Hollowing, a method for replacing legitimate code with malicious payloads. These techniques are broken down into practical steps, with examples and tools to help students identify, analyze, and counteract such methods. By the end, students gain valuable skills to detect and understand code injection, a critical component of advanced malware analysis.
This section explores the sophisticated techniques used by malware to evade detection and analysis, equipping students with the skills to counter these defensive measures. The introduction sets the stage by explaining the concept of anti-analysis tactics employed by malware. Subsequent lessons dive into anti-debugging methods that hinder debugging tools, and anti-virtual machine (anti-VM) techniques that detect and avoid running in virtualized environments. Finally, the section addresses anti-antivirus (anti-AV) strategies, illustrating how malware bypasses traditional security software. Through practical examples and detailed explanations, students gain insights into recognizing and overcoming these self-defense mechanisms, a critical aspect of malware analysis.
This section delves into the methods used to unpack and analyze packed malware, a common tactic employed by attackers to obscure their malicious code. The lessons start with an introduction to packers and the unpacking process, explaining how packing works and its role in hindering analysis. Students then analyze real-world examples, such as unpacking the infamous WannaCry ransomware, to understand these techniques in action. Practical sessions cover manual unpacking of malware packed with tools like UPX, PECompact, and ASPack, guiding students through the step-by-step process of bypassing these layers of obfuscation. By the end of this section, participants are equipped with the skills needed to effectively combat and analyze packed malware.
This section focuses on the analysis and reverse engineering of shellcode, a compact and powerful piece of malicious code used in exploitation. It begins with an introduction to shellcode analysis, explaining its purpose, structure, and role in cyberattacks. Subsequent lessons guide students through the reverse engineering process, covering practical techniques to dissect shellcode. Using step-by-step examples, the course demonstrates how to identify entry points, decode obfuscated instructions, and understand the payload's functionality. By the end of the section, participants gain the expertise needed to analyze and counteract shellcode, a critical skill in advanced malware analysis and cybersecurity.
This section provides an in-depth exploration of ransomware analysis, focusing on the DarkSide ransomware.
Through hands-on exercises, students delve into the techniques used by ransomware developers to obfuscate and encrypt malicious payloads. Lessons cover initial analysis, identifying packed or encrypted sections, and using tools like IDA Pro to unpack and analyze runtime code.
Key topics include dynamic API resolution, rebuilding the Import Address Table (IAT), and decrypting and parsing the resource sections. Students learn to track ransomware behavior, such as machine fingerprinting, privilege escalation, and encryption routines, while also exploring methods for taking memory snapshots and reconstructing decrypted code for static analysis. This section equips learners with practical skills to dissect and understand the tactics, techniques, and procedures (TTPs) of ransomware.
This section focuses on analyzing .NET-based malware using advanced techniques. The lessons center on the SolarWinds Sunburst Backdoor, a sophisticated .NET-based threat. Students learn to decompile and examine malware using tools like dnSpy, explore function call trees, and uncover hidden malicious payloads embedded in legitimate code. Topics include understanding fingerprinting methods like concatenating machine GUIDs and MAC addresses, validating execution environments, and detecting domain-joined computers.
The course also covers how the malware conducts extensive enumeration of services, processes, and system drivers to evaluate attack viability and escalate privileges. Through step-by-step analysis, participants learn how the malware interacts with DNS and C2 servers, builds HTTP requests with disguised user agents, and exfiltrates config files containing sensitive system data. This section equips students with essential skills to dissect .NET malware and understand its stealth techniques.
“I want to recommend Uriel Kosayev as a quality professional security researcher and lecturer who knows how to guide his students, give the right word, and push them to success. I had the pleasure of being his student.”
Threat Researcher and Orion Malware Research Team Leader at Cynet
“The one and only master, thank you! Your knowledge and your passion for Cyber make you a great teacher!!!”
“Uriel is a great lecturer and person, not only because of his knowledge in security research, offensive security, and Malware Analysis, but also because of the passion that he gave me as a student to keep asking questions and researching by myself. Uriel empowers his students with the theory behind the scenes, practical tools to handle complex problems, and the ability to empower the people who learn and work with us.”
“I want to say that Uriel Kosayev is one of the best researchers in the industry, with a lot of experience in the field of investigations and reverse engineering. I learned a lot from him. In addition, he has one of the best books on the market that teaches anti-virus bypass methods. I recommend everyone to acquire knowledge from Uriel!”
“Uriel is one of the best Cybersecurity trainers among all the people I have ever met. A rare combination of professionalism and high-quality delivery, with excellent and creative ways of delivering the material. On top of that, if you are ever a student in his class, I can guarantee you that he will explain it to you until you finally understand the learned material. A great lecturer and mentor!”
“I highly recommend Uriel as a Cybersecurity Specialist. I had the privilege of participating in his training session – it was an exceptional experience! Uriel delivered practical insights that significantly enhanced my and my Team's knowledge and skills in the field. The training was well-structured, engaging, and tailored to the latest industry trends. I am grateful for the opportunity to learn from Uriel and would eagerly participate in any future training sessions organized by him.”
Exclusive for TrainSec students, 20% discount:
20% off for Malware Analyst Professional students.
With features like MemProcFS for analyzing memory dumps, CDR for sanitizing files, and CSI tools for digital forensics, Threat.Zone provides a powerful environment for malware analysis and security investigations.
From Foundations to Advanced Expertise in Malware Analysis and Reverse Engineering
The Malware Analyst Professional course is a complete training program divided into two parts: Level 1 and Level 2, designed to take you from beginner to advanced expertise in malware analysis and reverse engineering.
Starting with Level 1 is crucial, as it provides the foundational knowledge, tools, and techniques. Level 2 builds on this base, diving into advanced topics such as code injection, unpacking packed malware, analyzing shellcode, and overcoming self-defending malware.