For the past month, I’ve been on a quest to enhance my skills in the captivating field of cybersecurity. During a particularly dull evening, I remembered the absolutely fantastic courses offered by The Cyber Mentor Academy. Knowing their reputation for top-notch teaching materials, I logged into my account and discovered some hidden gems waiting for me. One course that caught my eye was PMAT (Practical Malware Analysis & Triage), and within minutes, I was engrossed in Matt Kiely’s introduction. Now that I’ve completed it, I can’t wait to share my experience and the knowledge I gained.
As a red teamer and penetration tester, I wanted to expand my understanding of how blue teamers analyze my code when I manage to breach their networks and establish persistence. Well, this course provided all the answers I was seeking.
It’s worth noting that the course focuses solely on malware targeting Windows. Why Windows? Because it’s the most widely used operating system in the world. And as we know, the most used often means the most targeted. Statistics don’t lie. So, you’ll mainly delve into malicious programs within FlareVM, specifically designed to aid malware analysts.
You’ll start by analyzing basic malware using both static and dynamic analysis techniques. You’ll be introduced to a range of tools like FLOSS, strings, PEview, PEstudio, and others, as well as various methodologies. Gradually, you’ll move on to more advanced topics, such as assembly, disassembling executables, debuggers, and more. Along the way, you’ll also get acquainted with new tools like the amazing Cutter and x32dbg/x64dbg. The cherry on top is that each section comes with a challenge, allowing you to practice your newly acquired skills. And if you ever get stuck, the instructor will guide you step by step through the malware analysis process.
In the middle of the course, you’ll explore different malware analysis techniques and specialty classes. You’ll learn how to analyze, evaluate, and manipulate various types of malware, including maldocs, PowerShell, shellcode, C#, Go, and Android APKs. It was thrilling to discover the techniques and tactics hackers employ to hide in the real world, making it difficult for malware analysts and incident response teams to decipher their malicious code. The section on C# malware provided valuable insights and advanced techniques that I can now apply in my daily work tasks.
The pinnacle of the course is the challenge of analyzing the infamous WannaCry malware (ever heard of it? :D). You’ll put all your techniques to the test as you dive into its malicious code, answer questions, and, if you’re up for it, write a comprehensive report. You’ll also learn about YARA and its rules, a powerful tool for identifying similar malware in the wild.
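To make the YARA mention concrete, here is an added example rule (an editor's illustration, not material from the course, from Matt Kiely, or from TCM Security). The rule name, the indicator strings and the opcode pattern are placeholders I made up to show the rule's structure; they are not indicators from WannaCry or any real sample, and would be replaced with strings and byte sequences recovered during static analysis (for example, with strings or FLOSS).

```yara
/* Added illustrative rule, not from the course or the original post.
   Every indicator below is a placeholder (assumed), to be replaced
   with values recovered from the sample under analysis. */
import "pe"

rule Example_Suspicious_Dropper
{
    meta:
        description = "Skeleton rule: flags PE files carrying a set of placeholder strings"
        author      = "editor example (hypothetical)"

    strings:
        // "ascii wide" matches both the ASCII and the UTF-16LE form of a string;
        // Windows malware frequently stores paths and commands as wide strings.
        $s1 = "example_dropper.exe" ascii wide nocase
        $s2 = "cmd.exe /c" ascii wide nocase
        $s3 = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" ascii wide nocase
        // Hex pattern with ?? wildcards for bytes that change between builds
        // (e.g. an absolute address pushed before a call). Placeholder bytes.
        $op1 = { 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 83 C4 04 }

    condition:
        uint16(0) == 0x5A4D            // "MZ" DOS header: only consider PE files
        and filesize < 5MB             // keep the rule from matching huge installers
        and pe.number_of_sections > 2  // pe module field; trivial packers often have fewer
        and 2 of ($s*)                 // at least two of the string indicators
        and $op1                       // plus the code pattern
}
```

Saved as a `.yar` file, the rule is applied to a directory of samples with `yara -r rule.yar samples/`; the `condition` block is where false positives are controlled, so requiring several independent indicators (strings plus a code pattern, gated on a PE header check) is preferable to matching on a single string.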
Personally, I thoroughly enjoyed this course. Even though I don’t plan on becoming a malware analyst myself, I’m seriously considering pursuing the Practical Junior Malware Researcher (PJMR) certificate. The incredible instruction provided a wealth of knowledge in an engaging and easy-to-understand manner, igniting my curiosity to venture into the wild, source malware samples from provided resources, and delve deeper into research. The only minor drawback I could mention is the absence of Linux malware coverage, but with such a boost, I feel confident in exploring that area independently.
A huge shout-out and thank you to TCM Security and Matt Kiely for delivering such an exceptional course! You’ve sparked my interest in a new realm to explore and dive into headfirst. The material is straightforward, intriguing, and expertly presented. Keep up the great work, guys!