The lesson plan is in three parts :<br>
– What is a malware: taxonomies and different types and capabilities of malware. Analysis of classic schemes of compromises and adjacent infrastructures.<br>
– Malware analysis; Review of the basics needed for Windows process and assembly language operation. Triages techniques, dynamic and static analysis. Use of debugger, decompilers and disassembler. Using flow control graphs. Use of forensic detection tools.<br>
– Technique used by malware; Obfuscations of code, function call and flow. Encryption, polymorphisms and variations, Stealth.