We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

Accept and Close

Contact us

Ask a question?

If you want to know anything about the course, we’re here to help.


COMING SOON - Our brand new course, Advanced Malware Analysis Techniques. FIND OUT MORE HERE

The SAS’21 Online Training on Reverse Engineering Malware the Hard Way: Decryptors, C++ classes & Golang binaries

2 day expert-led training (20 seats only)

30th September & 1st October, 11am - 4pm UTC

This training is a unique opportunity for established reverse engineers, security researchers and malware analysts seeking to upgrade their skills, to join Kaspersky GReAT experts in real-time full-scale analysis of malware samples recently used in the wild. Participants will be guided by our researchers during the whole training and will follow them step-by-step in a dedicated virtual lab.

On the first day, attendees will work with Denis Legezo, thoroughly analyzing the C++ malicious downloader for Windows OS used recently by the Microcin threat actor. This sample allows you to go through all needed steps of C++ malware (written in C- like style, no STL or Boost here) analysis, including custom decryption, dynamic functions’ addresses resolving, understanding the structures and even follow some technical easter eggs like formula to get the weekday from the current date for custom scheduler.

On the second day, the training participants will dive into a Golang malware sample analysis with Igor Kuznetsov. They will start with a quick overview of a typical Golang binary by analyzing a go-socks5-based proxy, widely used by both red team professionals and malicious actors. Then, trainees will practice automating string decryption by analyzing and processing a sample of Snake (EKANS) ransomware that was used in targeted attacks against industrial companies.


Practice on real-life malware samples

Participants ‘learn by doing’, using the hands-on virtual lab to work on targeted malware samples used in the wild by powerful APT and e-crime actors.

Master advanced tools and techniques

You will practice reconstructing C++ classes and data structures, developing custom decryption scripts, and explore recent developments in Golang analysis.

Learn with the best

Analyze malware samples thoroughly under the guidance of Kaspersky GReAT experts.

All Levels

Intermediate level to advanced


$750 inc. tax per attendee (credit card payments only)


Who it's for

  • APT hunters
  • Malware analysts
  • Incident responders
  • Security researchers
  • Security engineers
  • Network security analysts
  • IT security staff working in SOCs


  • Basic knowledge of networking, programming concepts, OS internals etc.
  • Familiarity with x86/64 assembly language
  • Prior experience with IDA Pro
  • Basic knowledge of Python 3
  • Experience with C programming is especially helpful
  • You’ll be provided access to the virtual environment with everything set up for you
  • We recommend you to have two screens to see both the instructors and your tools simultaneously

Your Training Instructors

Igor Kuznetsov

Igor Kuznetsov,

Principal Security Researcher

Igor is the Principal Security Researcher in the Global Research & Analysis Team (GReAT) at Kaspersky. He has more than 20 years of reverse engineering experience.

Igor specializes in investigating malware campaigns and reverse engineering advanced malware. His areas of expertise include cyber-espionage and highly-targeted attacks, advanced threat actors and APTs; cyber-warfare, cyber-weapons such as Stuxnet, Duqu, Flame, Gauss; ATM security. Igor regularly provides training sessions on advanced malware analysis.

Trainer Dennis

Denis Legezo,

Senior Security Researcher

Denis Legezo is a GCFA certified Senior Security Researcher in the Kaspersky Global Research & Analysis Team (GReAT) since 2014. He specializes in targeted attacks research, static reverse engineering.

Denis regularly provides customer training on these subjects and has presented his targeted malware research at SAS, RSA Conference, VirusBulletin, HITB.

Technical requirement: Minimum internet bandwidth for one RDP session is 150 Kbps. Please check your connection speed with a remote access test: https://use.cloudshare.com/Ent/Machine.mvc/testpage#/ (choose the data center named EU Amsterdam).

Bootcamp dates and agenda

$750 inc. tax per attendee (credit card payments only)


*Training attendees are not required to participate in the main program of SAS.