Malware Analysis and Reversing // Vitaly Kamluk, Kurt Baumgartner

In-Person | Nov 3-6 | 4 Days

BOOK NOW

ABSTRACT

In this course, you’ll explore both dynamic and static approaches to dissecting malware, learn the tools and platforms used for malware triage and reverse engineering. At the core of the training we place real malware samples and simulated exercises with benign applications, helping you to learn the concepts step by step. An all-in-one virtual machine will be equipped with tools, exercises, samples, and shared with you as a takeaway.

Malware Analysis and Reversing // Vitaly Kamluk, Kurt Baumgartner

In-Person | Nov 3-6 | 4 Days

BOOK NOW

INTENDED AUDIENCE

Participants interested in learning malware analysis basics, threat hunters, system and network administrators, SOC operators wishing to improve their cybersecurity skills, students exploring new opportunities.

KEY LEARNING OBJECTIVES

  • Tool Proficiency Across Ecosystem: Develop hands-on expertise with industry-standard tools including Ghidra, IDA, Binary Ninja, dnSpy, and x64dbg, Powershell ISE, and many others, using them for both static and dynamic analysis of executable code across several platforms.
  • Analysis Methodology: Identifying, parsing and analysing file formats, extracting metadata with tools. Choosing the best suitable tools, navigating views in the tools, following the execution control flow.
  • Malware Behavior Identification: Reverse engineer and analyze real-world malware samples, identifying its core behaviors.
  • Dynamic Debugging Skills: Gain fluency in x64dbg and dnSpy, Process Explorer and Process Monitor, strace and ltrace for dynamic analysis of applications, binary ninja and iaito, enhancing your ability to troubleshoot and understand live execution.
  • AI-Assisted Reverse Engineering: Apply and experiment with AI-assisted reversing, testing how AI can augment reverse engineering and critically assess both its strengths and limitations.
BOOK NOW

COURSE OUTLINE

DAY 1

  • Create your own malware analysis environment, overview of tools and their purpose
  • Understand differences in operating various platforms and architectures
  • Perform safe malware analysis with a virtual machine
  • First steps - analyze obfuscated and other malicious scripts
  • Deal with macro-weaponized MSOffice documents

DAY 2

  • Intro into executable formats and runtime on Windows/Mac/Linux
  • Understand debug and release code variants, compiler optimizations
  • Static and dynamic analysis with IDA Free, reverse-engineering C/C++ for Windows
  • Analyzing .NET applications

DAY 3

  • Understand position-independent code
  • Statics and dynamic shellcode analysis for x86/x64
  • Understand and defeat software packers

DAY 4

  • Embedded systems malware (IoT)
  • Triage and assess IoT malware: statically and dynamically
  • Using Ghidra

STUDENT REQUIREMENTS

This training is designed for both newcomers and those with prior experience, making it an excellent next step in your reverse engineering journey. While having some familiarity with Windows, foundational cybersecurity concepts, and a basic introduction to assembly and programming languages will certainly help, the only real prerequisites are a bit of hands-on experience and a strong curiosity to learn. We’ll begin from the ground up and walk you through every critical tool and technique step by step, ensuring a solid foundation as you progress.

SUGGESTED PREREQUISITES

  • Basic Knowledge of operating systems: Knowledge of Windows, Linux, MacOS operating systems, their setup and environment.
  • Understanding of malware risks: Experience or knowledge of risks when dealing with malicious objects, especially when detonating malware on a virtual machine.
  • Programming language basics: An introductory understanding of assembly language or familiarity with programming in C, .NET, shell scripting would be helpful.
  • Rudimentary networking concepts: General understanding of computer networking.
  • AI assistant (e.g. ChatGPT, Claude, Gemini): Free account will suffice.

WHAT STUDENTS WILL BE PROVIDED WITH

  • Presentation slides and other training materials
  • Virtual machines with malware analysis environment, tools, samples
  • Resources for further learning
  • Live chat with the trainers during the training and after

SYSTEM REQUREMENTS

  • Intel 64-bit i7+ (or equivalent) laptop with 16GB+ RAM
  • 64 GB of free disk space for VM
  • VirtualBox or VMware Workstation (Free version will suffice)
Laptops with Apple Silicon are NOT supported in this class. Please ensure that your laptop has an Intel or equivalent x86-64 processor.
BOOK NOW

YOUR INSTRUCTORS: Vitaly Kamluk, Kurt Baumgartner

Vitaly Kamluk is a cybersecurity researcher with 20+ years of work experience in anti-malware industry. Previously he was a Principal Security Researcher and used to lead a cyber threat intelligence team in Asia-Pacific focusing on APT and targeted attack investigations. Vitaly spent 2 years working at INTERPOL Digital Crime Centre as a cybersecurity expert. In 2024, he founded TitanHex, a company focusing on threat intelligence, cybersecurity R&D, and targeted attack investigations. Vitaly participates in infosec mentorship initiatives, volunteers to deliver free talks for the next generation of researchers, he is one of BlackHat speaker coaches. Over the years, he presented at many international security conferences including BlackHat, Defcon, Hitcon, BSides, Ruxcon, Sincon, FIRST, Botconf, AVTokyo and many others, as well as numerous invite-only events such as BTF, DCC, SAS, UE among others.

He is passionate about broad set of cybersecurity topics including reverse engineering, malware analysis, cyberthreat intelligence, computer forensics, cryptography, privacy, hardware hacking.

https://www.linkedin.com/in/vitalykamluk/

Kurt Baumgartner does security research at TLPBLACK. Previously, he worked for a well known international antimalware vendor for over a decade - hunting, discovering, reversing, and attributing new APT malware and activity. He currently pursues the crossover of APT activity and botnet technologies and got a collection of interesting IoT malware samples. Kurt develops YARA, fingerprints systems, and researches detection technologies. He is passionate about malware analysis and reverse engineering, he is an experienced public speaker and enjoys sharing his knowledge.

BOOK NOW
Cancellation Policy

COUNTERMEASURE25: 60+ days before the event 75% of fees refunded; 45-60 days before event 50% refunded, less than 45 days 0% refunded. Course changes are allowed up to 14 days before event start (some restrictions will apply). Attendee changes can be accommodated up to 14 days prior to the event.

Note: In the event of a class cancellation, Ringzer0 will endeavor to offer transfer to another training at no additional charge.

OTHER IN-PERSON TRAINING COURSES

Apple iOS Forensics
COUNTERMEASURE25 In-Person Training

Apple iOS Forensics

This course examines the challenge of examining Apple's proprietary iOS ecosystem, a common target for sophisticated cyberattacks. You'll learn foundational iOS security principles, practical forensic constraints, and methods and tools for extracting data in fully authorised forensic engagements.
READ MORE
Great! Next, complete checkout for full access to Ringzer0
Welcome back! You've successfully signed in
You've successfully subscribed to Ringzer0
Success! Your account is fully activated, you now have access to all content
Success! Your billing info has been updated
Your billing was not updated