3 days10:00 – 16:00

Malware Analyst

Learn how to analyze malware found during incident response engagements or forensic analysis of infected objects.


There is a secret weapon that can turn the tide in any digital forensics investigation or incident response engagement: malware analysis. The Malware Analyst specialization is gaining popularity in the cybersecurity community because it teaches specialists the ability to lend insight into a threat actor’s behavior and modus operandi. This ultimately helps forensic teams respond to breaches and prevent future attacks more effectively.

Malware analysis is one aspect of the wider practice of reverse engineering, which is the key to uncovering a threat actor’s closely guarded tactics, techniques, and procedures (TTPs).

Like all Group-IB courses, Malware Analyst lessons are made up of practical exercises based on real cases handled by the company’s DFIR team.

Course description:

The course is broken up into three days. The first day is focused on theory and serves as an introduction to malware analysis, during which you’ll be introduced to assembly programming language.

Days 2 and 3 will be dedicated to learning the techniques used within the malware analysis process. Each day is split into two sections: a short theoretical section and a longer one for practical exercises. Throughout the two days, you will receive helpful links and tools that you can immediately apply in your day-to-day operations. Exercises will be performed individually and then discussed as a class afterward.

Day 1

The training begins with a brief introduction to malware analysis, including the different elements of the process and the techniques used by malware. This will help you better understand how malware analysis fits within the reverse engineering process, which is a vital aspect of successful incident response and investigations. Next, you’ll move to assembly language, and specifically assembly commands and how to read executable code. You will be asked to complete practical exercises to test and improve your code-reading skills.

Day 2

For the following two days, you will dive into dynamic and static analysis, which when mastered guarantees high success rates during malware analysis. Day 2 will focus on dynamic analysis, and specifically on the techniques used in the field today. You will also learn how to work with sandboxes and perform basic malware detonation in virtual machines. The theory portion will end with a discussion on debugging and its role in malware analysis.

Day 3

The last day of the course is all about static analysis. You will be taught all the tools used for static analysis and reverse engineering, particularly IDA Pro. The software, a vital tool to have in a malware analyst’s toolkit, will be the main focus of the lesson. After practicing, you will perform mixed exercises involving dynamic and static analysis used together. Once feedback has been given on all exercises, the malware analysis process will be demonstrated in full, from start to finish.

To successfully pass the course the participants should have basic programming skills and knowledge about assembly language.

After this course, you’ll be able to:

  • Understand the techniques used by malware
  • Perform malware detonation in a controlled environment
  • Reverse engineer malware using debuggers and IDA Pro
  • Perform dynamic and static analysis
Who can benefit from this course?
Incident Response professionals
Technical specialists with IS experience
Digital Forensics specialists
SOC teams

What you’ll receive

Lecture videos and practical materials used during training

Personal certificate of completion

Valuable information that you can put into practice

Valuable insight on malware analysis and how it can fit in IS practices

Why Group-IB?

Experience in international investigations

Our training courses are based on 1300+ successful investigations worldwide.

Technical expertise

All courses are led by GCFA-, EnCE- and MCFE-certified experts.

Practicing experts

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.

Stimulating practical training

Practical exercises based on real-life cases make up 70% of the course.

Continuously updated program

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.

Comprehensive development

Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.

Individual learning approach

Send us a request for an individual consultation on Group-IB technical training courses

Get new report
Ransomware Uncovered 2021/2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®


We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.