Malware types classification (viruses, worms, trojans, ransomware, APTs), Infection vectors (phishing, drive-by, supply chain), Malware evolution (polymorphic, metamorphic, fileless), Kill chain models (Cyber Kill Chain, MITRE ATT&CK), Indicators of Compromise (IOCs), Malware triage methodologies, Dynamic vs. static vs. behavioral analysis.
PE/ELF file format dissection (headers, sections, imports/exports), Packers and crypters detection (UPX, custom), Strings analysis and YARA rules, Hashing and fuzzy hashing (SSDEEP, imphash), Resource extraction (icons, embedded files), Static disassemblers (Ghidra, IDA Free), Control flow graphs and function identification.
Safe execution environments (VMware snapshots, Cuckoo Sandbox), API monitoring (APIMonitor, ProcMon), Behavioral analysis (network, filesystem, registry), Dynamic instrumentation (Pin, DynamoRIO), Memory forensics integration, Anti-analysis evasion detection (timing checks, debugger detection, VM artifacts), Sandbox escape techniques.
Assembly language essentials (x86/x64, ARM), Disassembly and decompilation, Calling conventions (stdcall, fastcall, thiscall), Function prologue/epilogue patterns, Data flow vs. control flow analysis, Symbolic execution fundamentals, Binary patching and code caves, Obfuscation reversal (control flow flattening, opaque predicates).
Rootkit analysis (SSDT hooking, DKOM), Kernel-mode malware, Anti-forensics (timestomping, log wiping), C2 communication protocols (HTTP, DNS tunneling, custom), Ransomware (crypto APIs, payment portals), APT persistence mechanisms, Firmware/BIOS malware, Mobile malware (APK analysis, Frida scripting).