SANS Digital Forensics and Incident Response Blog

Reverse Engineering Malware - FOR610 - in Phoenix, AZ

In February, Hal Pomeranz will be in Phoenix to teach FOR610: Reverse Engineering Malware. This advanced course at the SANS Institute has been incredibly valuable to investigators worldwide trying to fight the Advanced Persistent Threat (APT). The course runs from Monday, February 13, 2012 to Friday, February 17, 2012.

"This was a great course that really opened my eyes to new ideas, tools and procedures. One of the best courses that I have taken." Donald J. Price, Federal Bureau of Investigation

This popular malware analysis course has helped forensic investigators, malware specialists, incident responders, and IT administrators assess malware threats. The course teaches a practical approach to examining malicious programs (spyware, bots, trojans, etc.) that target or run on Microsoft Windows. This training also looks at reversing Web-based malware, such as JavaScript and Flash files, as well as malicious document files. By the end of the course, you'll learn how to reverse-engineer malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out!

Learn Malware Analysis to Improve Incident Response and Forensics Skills

This unique course provides a rounded approach to reverse-engineering by covering both the behavioral and code phases of the analysis process. As a result, the course makes malware analysis accessible even to individuals with limited exposure to programming concepts. The materials do not assume that the students are familiar with malware analysis; however, the complexity of concepts and techniques increases as the course progresses.

The malware analysis process taught in this class helps incident responders assess the severity and repercussions of a situation that involves malicious software. It also assists in determining how to contain the incident and plan recovery steps. Forensics investigators also learn how to understand key characteristics of malware present on compromised systems, including how to establish indicators of compromise (IOCs) for scoping and containing the intrusion.

"I'm leaving with new tools and approaches to ensure that my exams are as complete and accurate as possible." Jimmy Weg, MT Dept. of Justice

Top 5 reasons why SANS Phoenix 610 is the must-attend course this winter!

1. If you want to learn everything there is to know about Malware Analysis from those who accomplish it daily - FOR610 is the class for you.

2. The larger conferences are wonderful for networking, but they typically have above-average class sizes. Events like Phoenix are a personal favorite, as Hal gets to know each student personally and is able to focus on their specific learning needs. Usually, the class will choose a night to meet for dinner after an @Night presentation. Get more for your training dollar by attending the smaller SANS events such as FOR610 in Phoenix, AZ.

3. SANS @Night used to be found only at larger events. Now each smaller conference also features this wonderful way to continue learning into the evening.

4. We have noticed that at smaller SANS events the classes get to know each other more. While networking at larger events is great, we have found that many of these students become closer because they feel more comfortable in the small classroom setting.

5. Many students tell us that Phoenix is their secret destination in the winter. It is warm and the hotel is next to many restaurants, a movie theater, and shopping. As cold as this winter is, we are looking forward to having a nice dinner outside. The highs this week, when the rest of the United States is freezing, are in the 70s.

Come join Hal Pomeranz in Phoenix in February. REGISTER TODAY!!