Intro to Malware Analysis

Malware Analysis: Foundations & First Response

When a strange binary shows up on a system, the first few hours of analysis matter. This class walks through the practical workflow used by analysts to build an initial profile of unknown malware safely, methodically, and without jumping to conclusions.

We’ll start with static analysis (file type, strings, packers, imports), move into behavioral analysis inside a controlled lab, and finish with a structured approach for mapping what the sample is trying to do: persistence, exfiltration, C2 activity, privilege changes, and system modifications. By the end, you’ll know how to form an evidence-based outline of how the malware works and how serious the threat might be.

This session is designed for beginners with curiosity, not prior experience.

What you will learn:

• How to build a safe malware analysis environment (VM isolation, snapshots, tooling).
• How to examine malware using static analysis inside a controlled lab.
• Recognizing indicators of packing, obfuscation, or malicious behavior.
• How to watch what malware actually does during controlled execution.
• How to track filesystem, registry, network, and process behavior.
• Understanding persistence mechanisms.
• How to produce an “Initial Analysis Report” within the first 1–2 hours.
• Ethical, legal, and safety considerations for malware work.

Requirements:

• A Windows 10 or higher laptop capable of running virtual machines
• (Please contact us in advance if assistance is needed with this requirement)

This class has a limit of 10 people