GCP – Mandiant Academy: Basic Static and Dynamic Analysis course now available
Understanding how malware works, and how to analyze it, can be a tangled problem. To help IT and information security professionals, corporate investigators, and anyone else who wants to pursue malware analysis as a primary specialty, Mandiant Academy's new "Basic Static and Dynamic Analysis" course builds out your binary triage toolkit.
The course also provides core skills for digital forensics, threat research, and threat hunting. It teaches practical techniques for static and dynamic analysis of malicious files and requires minimal prerequisites.
This is a hands-on course that puts participants on the front lines with realistic malware samples and the tools to understand them. Students use a provided virtual machine to analyze samples and to build their own controlled malware detonation environment.
Learn static analysis by exploring the Portable Executable (PE) file format, extracting metadata, and identifying relevant strings. Master dynamic analysis by observing malware in controlled environments, monitoring system events and network traffic, and unpacking/dumping running processes.
Students will gain the ability to triage malicious compiled Windows PE files, improving their understanding of suspicious alerts and files.
After completing this course, participants should be able to:
- Explain the basics of malware analysis and Indicators of Compromise (IOCs)
- Describe how malware analysis and IOCs fit into the investigative process
- Create a safe environment to examine and execute malware samples without risk to systems or networks
- Triage malware using hands-on basic static and dynamic analysis techniques
The course consists of the following modules, with labs included throughout the instruction.
- Basic Static Analysis – An overview of the techniques, concepts, and tools needed to efficiently analyze malware without executing it, as well as a thorough introduction to the structure of the PE file format and its most commonly examined artifacts. This module also covers string data types, hashing and hash collisions, data encoding and encryption, and binary packing.
- Basic Dynamic Analysis – An overview of the tools and strategies needed to analyze malware in a controlled execution environment, including host activity monitoring and network interception, memory capture, and file and registry change detection.
Programming experience is not required, although some is beneficial. A strong background in computer science theory is not necessary, but a basic understanding of binary data and hexadecimal values is recommended, as is familiarity with operating system fundamentals such as using the command line and recognizing executable file types, and with basic programming concepts such as functions, variables, source code, and compilation.
Sign up today
To learn more about Basic Static and Dynamic Analysis or to attend the course, please visit our website. Mandiant Academy offers on-demand, instructor-led, and experiential training options. We hope this course proves helpful in your efforts to defend your organization against cyber threats.