Introduction
- About your trainer
- Course objectives
- Course road map
- Introduction to Digital Forensics process
Master the skills of incident analysis, evidence collection, log file analysis, network analysis, creating indicators of compromise (IoC) and memory forensics.
Intermediate
$1,400 $1,120 inc. tax per learner
Prerequisites
Incident specialists, emergency response services, and digital forensics researchers are all united by in-depth knowledge in the field of digital forensics. To become a part of this community, you can turn to our Windows Digital Forensics course, which is designed specifically to provide you with the necessary knowledge and practical experience, drawing upon the extensive experience of experts from the Kaspersky Global Emergency Response Team (GERT).
Our high-level expert in the field of digital forensics, Ayman Shaaban, will introduce you to some important areas, including basic technical concepts and definitions, and explain the incident response process and how digital forensics is part of it.
He will also demonstrate the analysis of various Windows artifacts with all the necessary tools gathered in one place: your virtual environment. You will also be able to apply technical analysis yourself in a simulated compromised Active Directory to detect malicious traces of a cyber attack.
Our course emphasizes practical application, mirroring real-world scenarios to provide participants with a comprehensive understanding of incident response, allowing participants to gain invaluable insights and hands-on experience. By the end, you’ll be proficient in incident scoping, evidence acquisition, log file analysis, network analysis, creation of Indicators of Compromise (IoCs), and memory forensics. Armed with this knowledge, you’ll be better equipped to detect and mitigate threats swiftly, minimizing their impact and containing the damage effectively.
Digital Forensics and Incident Response Group Manager
Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009, where he participated in building digital forensics labs, and provided response and analysis for cyber incidents in different industries. Additionally, he has developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security, and he obtained various DFIR certificates. In 2016 he published his book “Practical Windows Forensics”.
InfoSec professionals
For incident response and digital forensics teams, working in a dynamic environment and willing to continuously enhance their practical skills in digital forensics.
Cybersecurity consultancies
The course is designed for specialist consultancies that aim to equip their teams with relevant practical skills, enabling them to offer forensics investigation services to their clients.
Enterprises
For cybersecurity professionals who would like to upgrade technical analysis skills in the digital forensics domain.
Guided video lectures
Learn from incident response expert Ayman Shaaban of the Global Emergency Response Team (GERT), who has years of experience working on real-world investigations.
Practical virtual laboratory
Practice in our fully configured virtual laboratory on real-world incidents.
Interactive learning
The course is based on progressive learning with a consistent modular structure based on expert reviews of each task, practical work in a virtual laboratory and detailed step-by-step solutions.
6 months to complete your course
Course delivered in English with English subtitles
Self-guided learning that fits around your life
100 hours in a browser-based virtual lab with hands-on training
Browser-based via desktop, mobile or tablet
50+ videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Member of Kaspersky Global Emergency Response Team (GERT)
Incident response
With this course you will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs and also get introduced to memory forensics.
Each and every month we share our latest news, tips, tricks and advice on all things cybersecurity related.
Be the first to find out when we run competitions, promotions, launch new courses, release free webinars and much more!
This course is your gateway to unlocking the full potential of a powerful reverse engineering tool Ghidra for advanced malware analysis.
Ghidra isn’t just a tool; it’s your strategic advantage in the digital realm. Gain hands-on experience, master scripting, and navigate complex malware analysis with confidence, all while following the lead of Kaspersky’s cybersecurity experts.
Immerse yourself in the realm of advanced malware analysis with Ghidra, guided by industry luminaries Igor Kuznetsov and Georgy Kucherin. Empower your InfoSec career to confidently tackle real-world threats or elevate your organization’s cybersecurity posture.
Advanced
$1,800 $1,440 inc. tax per learner
Prerequisites
As the digital realm continues to expand, the challenges associated with it grow as well. Enter Ghidra, a powerful tool that has become indispensable for InfoSec specialists. Whether you’re an individual looking to enhance your career prospects or a business striving to fortify its digital stronghold, Ghidra is the compass guiding you through the intricate terrain of malware analysis and reverse engineering.
Developed by experts at Kaspersky Lab, the “Advanced Malware Reverse Engineering with Ghidra” course is your gateway to unlocking the full potential of this invaluable tool.
Created by luminaries in the field such as Igor Kuznetsov, Director of GReAT, and Kaspersky security researcher Georgy Kucherin, this course is designed to empower you with the skills and knowledge necessary to navigate the complex world of malware analysis.
The course is tailored to provide a robust foundation in Ghidra. Starting with mastering the basics of Ghidra, you’ll embark on a journey that demystifies the malware analysis workflow. Explore data types, structures, and external type definitions. Learn basic and advanced-level Ghidra scripting in Python and Java, find out how to identify run-time library code, and much more.
Let’s embark on this transformative training course together, where understanding Ghidra isn’t just an achievement — it’s a strategic advantage.
Director, Global Research & Analysis Team (GReAT)
Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.
Security Researcher, Global Research & Analysis Team (GReAT)
Georgy Kucherin is a Security Researcher at Kaspersky’s renowned Global Research and Analysis Team. Georgy demonstrates an unwavering passion for unraveling the intricacies of complex malware and employing reverse engineering techniques to analyze and understand its inner workings. With a strong background in cybersecurity research, Georgy has contributed significantly to the field through his comprehensive investigations into advanced persistent threats (APTs) such as FinFisher, APT41, and Lazarus. Georgy actively shares his research findings at prominent conferences, including SAS, VirusBulletin, and other renowned gatherings, where his presentations captivate audiences and contribute to the collective knowledge of the cybersecurity community.
– Ghidra overview
– Building Ghidra on Windows, macOS, Linux
– Introduction to the Metasploit sample
– Settings overview, configuring familiar controls
– Basic analysis workflow
– Using Data Type Manager to import type libraries
– Using Ghidra’s parser to import C headers
– Applying structure pointers
– Working with linked lists and adjusting shifted pointers
– Analyzing code that uses PE header structures
– Introduction to scripting
– Analyzing an API hashing algorithm with Ghidra
– Implementing an API hash analysis script in Python and Java
– Introduction to the Mettle sample
– Using a library (.so file) to create a function identification database
– Using Ghidra’s headless mode to create a function identification database from an archive (.a) file
– Introduction to the Calypso sample
– Studying capabilities related to structure pointers, such as automatic recognition of structure fields
– Tips and tricks for working with function pointers, such as applying API function signatures for them
– Ghidra’s decompiler internals overview
– Advanced-level scripting: coding a stack string analysis script using knowledge of decompiler internals
– Learning to expand Ghidra’s capabilities using the Eclipse IDE
– Coding an API hash analysis extension for Ghidra
InfoSec professionals
Perfect for seasoned reverse engineers, incident responders, and digital forensics experts, this course takes your cybersecurity prowess to new heights through an advanced acquaintance with the Ghidra tool.
Cybersecurity consultancies
The course will empower your personnel with the mastery of Ghidra, enabling them to provide unparalleled cybersecurity solutions and deliver top-tier malware analysis services to clients.
Enterprises
Elevate your organization's cybersecurity and SOC teams. Upon completing the course, they'll become experts in conducting a comprehensive malware analysis using Ghidra, capable of uncovering actionable insights that bolster your organization's security framework and enhance incident response strategies.
Guided video lectures
Dive into the Ghidra tool usage through the expert lectures that break down complex concepts into easily digestible segments.
Virtual Lab
Step into a secure virtual environment created specifically for the course, where you can apply your skills without risk.
Iterative learning
Embrace a learning journey that adapts to your pace. Benefit from iterative exercises, quizzes and experts’ solutions that reinforce your understanding, ensuring mastery of each topic before moving forward.
6 months to complete your course
Course delivered in English with English subtitles
Self-guided learning that fits around your life
100 hours in a browser-based virtual lab with hands-on training
Browser-based via desktop, mobile or tablet
40+ videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Reverse engineering
Strengthen your skills in advanced static techniques, get to know decrypting frameworks to automate your tasks to make your reversing skills unique!
Reverse engineering
The course features static and dynamic analysis of some outstanding and unique mobile malware including Android and iOS samples.
Reverse engineering
Get first-hand knowledge and best practices from exclusive research of 10 targeted malware cases used in the wild by powerful APT actors.
“This course taught me how to write YARA rules efficiently and how to make them work faster. Throughout the training I’ve learnt lots of tips and tricks about the creation of YARA rules.”
Course Learner
Use our virtual lab to complete 20+ practical exercises, all based on Kaspersky’s exclusive APT research.
Take your cybersecurity skills to the next level by learning how to identify threats quicker and with less effort.
All levels
$850 $680 inc. tax per learner
Prerequisites
“Only our course teaches you how to write solid and fast Yara rules while developing a threat hunting mentality that will be respected & valued.”
Have you ever wondered how Kaspersky’s GReAT experts discovered some of the world’s most famous APT attacks? Now, the answer is within your reach.
Our specialists have poured years of experience from the prominent cases they have worked on into our online Threat Hunting with Yara training. Course leader Costin Raiu, a 25-year veteran of the threat hunting industry, will teach you the unconventional ways of working with Yara so that you can find threats of the same magnitude as his team.
Specifically designed for self-paced learning, our course is deeply practical and enables you to learn-by-doing, hunting for real threats in our dedicated Virtual Lab. Using world-renowned cases like BlueTraveller, Sofacy & WildNeutron as the basis of the course, Costin shares insights and techniques from his team’s exclusive research on these cases. This knowledge will enhance your career and improve your organisation’s threat defences.
Security Researcher
Costin is one of the founders of Kaspersky’s industry leading Global Research and Analysis Team (GReAT), the team that researched the inner workings of Stuxnet, Duqu, Flame, Carbanak, Turla, Lazarus, the Equation Group and many more.
Costin has over 25 years’ experience in cybersecurity and specializes in analyzing Advanced Persistent Threats and high-level malware attacks.
He is a member of the Virus Bulletin Technical Advisory Board and the Computer AntiVirus Researchers’ Organization (CARO) as well as a reporter for the Wildlist Organization International.
Meet Director of GReAT and ninja master Costin Raiu, your tutor for the course, and get an introduction to Yara syntax along with design tips.
Interesting strings and PE structure fields. To hunt down suspicious malware, look for the clues.
A good Yara rule should be able to hunt out the existence of threats while protecting normal files.
What happens when threats become more sophisticated? Luckily, Yara has some modules that can be used to your advantage.
VirusTotal Intelligence (VTI) works natively with Yara. Master these two pieces of software and you might find something that was previously undetected.
Learn about wildcards through exercises featuring the Equation group and Sofacy, some of the most sophisticated cyber espionage groups to have ever existed.
Get hands-on in the virtual lab with exercises based on WildNeutron, Eye-Pyramid and other famous cases.
Find out how you can dump OLE files to identify features that can then be used for Yara detection.
Search for suspicious techniques and write effective Yara rules based on the Freaky Shelly case, Lazarus / Bluenoroff and other advanced cases.
Complete your training by finding out how you can use automatic Yara generators, how you can set up a Yara environment within your own organization, and how you can hunt threats even when you don’t know what you are looking for.
InfoSec professionals
IT Security professionals will learn how to advance their career as a threat hunter and hunt threats more efficiently.
Enterprises
Train your teams to find new malware samples, exploits and zero-days and speed up incident response. Improve your organization’s defenses with custom rule
Video lectures featuring Costin Raiu
Learn from a 25-year threat hunting ninja and Director of Kaspersky’s industry-leading Global Research and Analysis Team.
Active learning
Engaging learning tools & quizzes to support effective knowledge transfer.
Hands-on virtual lab
Work with real cases like BlueTraveller and DiplomaticDuck in our virtual lab.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
It will take you approximately 15 hours to finish the course
PDF downloads of training materials & tips
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
Costin Raiu, Director of GReAT, Kaspersky
Over 50 videos to guide you through the course
100 hours of virtual lab time for hands-on learning
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Threat hunting
Stay ahead of the game with the latest tips, tricks and techniques for creating and implementing Suricata rules for malware detection and threat research.
Threat hunting
Master the skills to implement security monitoring processes and key security operations to effectively detect and investigate malicious activity and threat hunting.
Stay ahead of the game with the latest tips, tricks and techniques for creating and implementing Suricata rules for malware detection and threat research.
Stay ahead of the game with the latest tips, tricks, and techniques for creating and implementing Suricata rules. Learn the most cutting-edge methods for network security to keep pace with the rapidly evolving world of cybersecurity.
Start your acquaintance with Suricata rules under the guidance of Kaspersky’s top expert from the Global Research and Analysis Team (GReAT), Tatyana Shishkova, who has years of experience creating and implementing Suricata rules in real-life cases.
The course is designed to take you on a journey from the basics of Suricata rules for different network protocols to the most advanced features and techniques.
“As a security professional, this self-paced course with extensive research resources is an invaluable asset when tackling malware and threat research tasks.”
Sam Mohammad
All levels
$890 $712 inc. tax per learner
Prerequisites
Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue.
The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework.
The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape.
Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.
Lead Security Researcher, GReAT
Tatyana Shishkova is a Lead Security Researcher with more than seven years’ experience in network traffic analysis. Working at Kaspersky for more than a decade, she specializes in reverse engineering and network intrusion detection using Suricata.
Tatyana is a regular speaker at major cybersecurity conferences, including PHDays, SuriCon, SAS, and Botconf.
Cybersecurity consultancies
Train your consultancy team to create and fine-tune Suricata rules for maximum effectiveness, so as to provide more effective services to their clients.
Enterprises
Advance your SOC or cybersecurity team’s skills to implement effective network security policies moving towards detecting and preventing cyber attacks before they cause organisational damage.
InfoSec professionals
Advance your career as an incident responder, malware researcher, or security analyst. Get to know more about developing and deploying effective Suricata rules to prepare yourself for more advanced threats.
Guided video lectures
Learn Suricata rules with guided video lectures, providing in-depth explanations of each topic and exercise.
Virtual lab
Practice your new skills in a safe virtual environment. Designed especially for our Suricata course, your virtual environment is loaded with all the tools you need to help you learn and succeed.
Iterative learning
The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a Virtual Lab and detailed expert solutions.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
It will take you approximately 18 hours to watch the videos
PDF downloads of training materials and tips
Browser-based via desktop, mobile and tablet (excludes virtual lab which requires an RDP client)
Member of Kaspersky Global Research and Analysis Team (GReAT)
30+ videos to guide you through the course
Safe virtual environment for hands-on learning
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Threat hunting
Learn to write reliable and fast YARA rules with GReAT experts using real-life cases to improve your threat hunting skills
Threat hunting
Master the skills to implement security monitoring processes and key security operations to effectively detect and investigate malicious activity and threat hunting.
This course equips you with the skills to understand, manage, and lead your organization through cyberthreats, ensuring your business.
Dive into essential cybersecurity concepts and apply them directly to your business. Hands-on exercises, tailored to your company’s needs, enable you to fortify your defenses and make immediate, strategic decisions.
Access the insights of Kaspersky’s top managers and experts distilled into understandable terms.
Uncover the intricate connection between cyber threats and business, guided by industry leaders with a deep understanding of executive requirements.
All levels
$2,220 inc. tax per learner
Powered by Kaspersky Academy
The “Cybersecurity for Executives” online training course was prepared by Kaspersky’s top managers and experts specifically for executives and leaders.
After taking this course, you will understand how cyber risks impact the effectiveness of your business and how to manage these risks.
During the course, you will get to know how cyber threats can affect your company and how to protect your staff and business from cyberattacks; you will learn how to plan your company’s cyber security trajectory, manage cyber crises and communicate incident information; you will learn how to make strategic decisions, assess risks and behave safely by applying the rules of cyber hygiene.
Upon completion of the course, you will be able to skillfully interact with IT and information security experts and easily incorporate cyber security protocols into your business. The program includes short video modules and hands-on cyber risk management exercises, allowing you to apply the theory in the context of your own organization.
Chief Executive Officer of Kaspersky
Head of KasperskyOS Business Unit
Cybersecurity Expert
Head of Public Affairs, APAC & META
Head of Enterprise Sales, Global Sales
Senior Product Trainer
Director, Global Research & Analysis Team
Head of Security Services Analysis
Security Researcher
Security Researcher
Managing Director, APAC
About the course
What cybersecurity is
Why cyber risks are the responsibility of a manager
What are the costs of cybersecurity risks for business?
Cybersecurity risks in practice: successful and failed cases
Methods and approaches in cyber risk management
Cyber-attackers’ tools
Cyber-attacks. Which companies are vulnerable to them?
Mass and targeted attacks, data leaks
Cyber hygiene and cyber security training
Cybersecurity of a company
Cybersecurity services
What to do after a cyber attack
Communication during an incident
Cyber threats: statistics and attack vectors
Industry 4.0. and the Internet of Things
Security perimeter
Cyber-immunity
C-level executives of enterprises and SMB companies
This course provides an essential basis for the safe management of businesses & teams, allowing participants to gain comprehensive knowledge on how to build an effective cyber-defense, manage cyber risks and make strategic decisions in conjunction with the IT and cybersecurity departments.
Guided video lectures
LMS adapted for both mobile and desktop formats. Content is in the microlearning format (3-6 minute videos) with tests and assignments for better knowledge consolidation.
Iterative learning
The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a virtual lab and detailed expert solutions.
Practical guidelines and checklists
The course contains ready-to-use materials that can be used in a daily workflow and distributed throughout the company.
12 months from the moment of course activation to completion of your training
Course delivered in English with English subtitles
Self-guided learning that fits around your life
50+ videos to guide you through the course
Browser-based via desktop, mobile or tablet
Kaspersky-branded PDF document certifying the completion of the course, signed by the course leader(s)
Cyber risks management
In this training, you’ll learn how to evaluate a product’s security; identify, prioritize and model threats; review code for security, and even delve into code fuzzing.
Master the skills to implement security monitoring processes and key security operations to effectively detect and investigate malicious activity and threat hunting.
One hundred hours of practice in the virtual lab are included in your course – you can put your newly acquired knowledge to practice immediately!
The course covers a wide range of SOC expertise that will be equally challenging to both entry-level and mid-level SOC professionals.
Intermediate
$1,400 $1,120 inc. tax per learner
Prerequisites
Big companies with complex IT infrastructure need to protect it – or face the consequences of being compromised. Sophisticated attackers can bypass automatic defenses unnoticed. Here’s where a Security Operations Center (SOC) comes to the rescue, bringing the expertise and skills of its professionals for upgraded business protection.
Developed by Kaspersky’s own SOC experts, this course offers comprehensive training to SOC analysts and other staff dealing with security operations. The knowledge you will get is practical and tested: our experts update it daily, protect Kaspersky itself with it, and deliver on-site training to clients all over the world.
During the course, you will get to know the diverse roles within a SOC, its services and use cases, get acquainted with modern attack tactics, techniques, and procedures, and learn how a SOC helps deal with them. In the numerous extensive practice sessions in the restricted areas of the virtual labs, you’ll get an opportunity to develop your skills in incident detection and investigation.
Kaspersky SOC Analyst and Researcher
Dmitriy is a Kaspersky SOC analyst, working in the operations and research areas. He joined the company in 2019 and now performs real-time investigations of detected threats and analysis of fresh APT threats observed around the globe. Dmitriy is responsible for the optimization of SOC operations; he helps automate SOC routines through the development of Jupyter notebooks, as well as robots for repeatable actions. He contributes to Kaspersky SOC’s threat hunting activities, such as creating TH hypotheses, hunting for malicious indicators and converting successful cases into new threat detection rules.
Head of Kaspersky SOC
Sergey started his career over 20 years ago as a software developer, writing in C and Perl. After working as a sysadmin of security systems, he became a member of a SOC team and was engaged in threat detection and incident investigation. Currently, Sergey is the head of Kaspersky SOC, responsible for internal SOC activities at the company as well as external managed detection and response and Compromise assessment services. Sergey is a certified information systems security professional (CISSP, OSCP) and auditor (CISA).
Head of Kaspersky SOC Consulting
Roman has 13 years’ experience in information security, mainly focused on SOC areas. He started his career as a security engineer and advanced to managing a team specializing in building SOC platforms for big national organizations. Working internationally on various challenges, such as designing threat detection frameworks, Roman became a certified ArcSight instructor. Back in Russia, he developed a cyber security platform handling 2 million security events per second at the country’s biggest bank.
Now at Kaspersky SOC Consulting, he focuses on a complex approach that includes all areas of SOC/MSS/CERT design and architecture, establishing operations and development planning. Roman is an acknowledged professional holding certificates like CISSP, CISM, CISA, GNFA, GCIH.
SOC People
SOC Services
SOC Technologies
SOC development and maturity levels
Lab: WMI consumer hunting
Lab: Linux service hunting
Lab: Domain name hunting
Windows Credentials and authentication
Lab: Password credentials in SAM and NTDS
Lab: Password credentials in memory
Lab: Security support providers
User Rights
Lab: Windows Privileges
Lab: Windows services exploitation
Lab: Pass the token and Impersonation
Kerberos
Lab: Kerberoasting
Lab: AS-REP roasting
Lab: Silver ticket
Lab: Golden ticket
Windows Security Auditing
Lab: Windows Security Audit
Linux general information
Linux security
Mandatory access control
Lab: Openssl. Attack Overview
Lab: Openssl. Investigation
Lab: Sudo privilege escalation. Attack Overview
Lab: Sudo privilege escalation. Investigation
SOC analysts and specialists
For cybersecurity specialists involved in security operations and threat hunting.
Enterprises
For teams and enterprises focusing on threat hunting.
Guided video lectures
Learn from 60+ videos by top-notch Kaspersky SOC experts, sharing their practical experience and hacks.
Hands-on virtual lab and various environments within
Practice in our fully configured virtual lab - and experience various environments to hunt a wide range of threats.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Delivered in English with subtitles
Self-guided learning that fits around your life (It will take you approximately 18 hours to watch the videos)
100 hours of virtual lab time for hands-on learning
PDF downloads of training materials & tips
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
Course author: Members of Kaspersky Security Operations Center
60+ videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Threat hunting
Learn to write reliable and fast YARA rules with GReAT experts using real-life cases to improve your threat hunting skills
Threat hunting
Stay ahead of the game with the latest tips, tricks and techniques for creating and implementing Suricata rules for malware detection and threat research.
Each and every month we share our latest news, tips, tricks and advice on all things cybersecurity related.
Be the first to find out when we run competitions, promotions, launch new courses, release free webinars and much more!
With this course you will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs and also get introduced to memory forensics.
Master different tools including: ELK stack, PowerShell, Suricata, YARA and more in the fully configured virtual lab environment.
Learn from Kaspersky incident responders with more than 10 years of experience in the field.
Intermediate
$1,170 $936 inc. tax per learner
Prerequisites
“You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics.”
Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.
The course’s curriculum is heavily focused on practice. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case.
You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips.
A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.
Digital Forensics and Incident Response Group Manager
Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as the DFIR manager in GERT. He started his cyber security career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security. Ayman has obtained several DFIR certifications, and in 2016 he published his book “Practical Windows Forensics”.
Cybersecurity expert
Kai started his career in the information security domain in 2010 as a security consultant and joined GERT in 2016 as an incident response specialist. Throughout his career, he has been involved in building digital forensic labs and providing responses to different variants of cyber incidents around the world. Besides developing and delivering DFIR training globally, he also designs, conducts and evaluates tabletop exercises. Kai holds several international certifications such as GCFA, GCFE, ECIR, ECTHP, CCSK, CISM and ISO/IEC 27035, and also a Diploma in Business Informatics (FH) and an M.Sc. in Digital Forensics.
Foundation of information security. Cyber kill chain. Open-source intelligence.
Incident response process: from preparation to post-incident.
Live analysis on the victim machines with IRCD and PowerShell.
Triage approach. Triage acquisition with KAPE, Paladin, FTK Imager and Velociraptor. Applied sessions with FTK Imager and Velociraptor.
Memory forensics with the Volatility framework.
Log file analysis using command line tools up to ELK.
Network IOCs: Dumping network traffic. Network intrusion detection with Suricata. Network analysis tools.
Scanning for Indicators of Compromise (IOC). Host-based IOC scanning with YARA.
InfoSec professionals
For cybersecurity professionals who would like to upgrade technical analysis skills in the incident response domain.
Enterprises
For incident response and digital forensics teams, who are continuously enhancing their practical skills in incident remediation.
Guided video lectures
Learn from Incident Response experts Ayman and Kai from the Global Emergency Response Team, GERT, who have years of experience working on real-life investigations.
Hands-on virtual lab
Practice in our fully configured virtual lab on a real-life incident case.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
It will take you approximately 15 hours to finish the course
PDF downloads of training materials & tips
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
Members of Kaspersky Global Emergency Response Team
Over 40 videos to guide you through the course
100 hours of virtual lab time for hands-on learning
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Incident response
Master the skills of incident analysis, evidence collection, log file analysis, network analysis, creating indicators of compromise (IoC) and memory forensics.
Participants ‘learn by doing’ using the hands-on virtual lab to practice on malware samples used in the wild by powerful APT actors.
Strengthen your skills with advanced static analysis techniques, get to know decrypting frameworks to automate your tasks to make your reversing skills unique!
Igor Kuznetsov is a Chief Security Researcher at Kaspersky. He participated in Kaspersky research on the most notorious APT campaigns and he’s packed the course full of his expertise and exclusive techniques.
Advanced
$2,700 $2,160 inc. tax per learner
Prerequisites
Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level-up their work on cybersecurity incidents and become unique experts.
The main focus of the course is advanced static analysis because for cybersecurity incidents involving previously unseen malicious code, this is the most reliable way to determine functionality of the code and find actionable artefacts. It allows organizations affected by APTs to define adequate damage assessment and incident response.
The course also heavily features our exclusive know-how on the automation of decryption, decoding and other processing of the samples, which not only optimizes routine tasks but also preserves your work in code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient during decades of Kaspersky APT research.
Igor Kuznetsov, the course author, has participated in Kaspersky research on the most notorious APT campaigns. He has cherry-picked exercises from his own work to cover generic approaches to analysis in IDA Pro, using all important features, and also to demonstrate unique cornerstone cases that require special treatment, which will supercharge your skills for the future.
Welcome to the elite club of malware researchers!
Director, Global Research & Analysis Team (GReAT)
Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.
Igor specializes in investigating malware campaigns and reverse engineering advanced malware. His areas of expertise include cyber-espionage and highly-targeted attacks, advanced threat actors and APTs; cyber-warfare, cyber-weapons such as Stuxnet, Duqu, Flame, Gauss; ATM security. Igor regularly provides training sessions on advanced malware analysis.
Introduction to the IDA workflow and shellcode analysis. Main features of IDA required for reverse engineering: code, functions, structures, structure offsets. Reconstructing Metasploit’s API hashing algorithm.
Practicing shellcode analysis: extracting the C&C from the Metasploit shell, code and data flow analysis, manual reconstruction of a structure, stack layout.
Unpacking a real-life sample found at a bank and analyzing the shellcode. Proceeding through all the layers of an msfvenom-wrapped Metasploit shellcode to extract the network IOC.
Introduction into static decryption, decrypting files using a static analysis framework. Practice on the Bangladesh CB heist case (Lazarus).
Introduction into decryption of malicious Windows PE files (a Regin driver). Dealing with malicious samples with blocks of encrypted data and RVA/RAW offsets.
Static analysis of a Sofacy OSX sample. Dealing with separate strings decrypted with a dedicated function. Reconstructing the decryption routine.
Full-scale reverse engineering of a single PE file (a driver from Equation). Using knowledge from tracks 1-6 to preprocess all encrypted data and then walk through all the code, reconstructing the business logic of the driver in IDA.
DIY disassembly and API hashing. Creating your own tiny disassembler to extract the API hashes from hand-written assembly code and then reconstructing an API hashing algorithm to revert all the hashes to API names. Using IDC files to transfer results to IDA.
Introduction to document-based exploit payloads: analysis of a malicious RTF example (RedOctober dropper) where you need to locate the exploit code, unpack several layers till you get to the final payload. Generic approach to dealing with weaponized RTF documents and embedded shellcode.
Exploit analysis of a malicious Word document (Office Equation exploit). Generic approach to analyzing OLE2 objects.
Practice: analysis of a weaponized OLE2 file embedded in an RTF container (CloudAtlas). Extracting several layers till the final payload.
Static analysis of a ROP chain from a PDF document (from Miniduke). Generic mechanics of a ROP chain, reconstructing the business logic from code snippets.
Introduction to bytecode-compiled Python samples. Practice using a decompiler to extract the source code.
Generic approach to dynamic decryption/unpacking. Extracting the payloads from Cridex samples using the debugger.
Decompiling and analyzing .NET bytecode. Dynamic extraction of the payload.
Introduction to Golang binaries. Static analysis, built-in structures, strings. Extracting and decrypting string constants.
InfoSec professionals
The course is intended for established reverse engineers, incident responders and digital forensics practitioners seeking to level up their work with cybersecurity incidents.
Enterprises
After completing this training your cybersecurity or SOC team will be able to implement full dynamic and static analysis of malware efficiently, automate routine tasks and find detailed actionable items for protection of your organization & incident response.
Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills will also benefit from this course: their personnel will level up and will be able to create more effective cybersecurity products and malware analysis services for clients.
Guided video lectures
Learn from Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team.
Hands-on virtual lab
Practice in our fully configured virtual lab on real targeted malware cases like Lazarus, Sofacy, Regin, Equation, RedOctober, Miniduke and Carbanak.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
100 hours of virtual lab time for hands-on learning
Static analysis framework, scripts from exercises and training materials are available for download
Browser-based via desktop, mobile & tablet
Igor Kuznetsov, Director of the Global Research & Analysis Team (GReAT)
About 60 videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Reverse engineering
This course is your gateway to unlocking the full potential of a powerful reverse engineering tool Ghidra for advanced malware analysis.
Reverse engineering
The course features static and dynamic analysis of some outstanding and unique mobile malware including Android and iOS samples.
Reverse engineering
Get first-hand knowledge and best practices from exclusive research of 10 targeted malware cases used in the wild by powerful APT actors.
You’ll get 100 hours of access to the restricted virtual environment to securely practice reversing the samples and playing with them for your skill development.
We demonstrate static and dynamic reversing of infamous malware samples like MagicKarakurt and LightSpy for Android and iOS, and the DuKong framework. You’ll get a detailed view, with comments from our expert, of samples you’re unlikely to find in any other course.
Watch as Victor shows you his skills and tricks in dynamic instrumentation, native API hooking, return value dumping, unpacking, function resolving using Ghidra plugins and more!
Intermediate
$890 $712 inc. tax per learner
Prerequisites
With almost everyone in the world owning a smartphone that effectively mixes a person’s private and work lives, keeping systems intact has become a growing challenge for corporate IT security and SOC teams.
Mobile malware is often used in cyberattacks against organizations by both cybercriminals and sophisticated APT actors, so the ability to counter such attacks is crucial for corporate security teams.
The Mobile Malware Reverse Engineering training is based on Kaspersky’s vast experience in this field and authored by one of the leading experts on mobile malware – Victor Chebyshev. The course features static and dynamic analysis of some outstanding and unique malware samples like MagicKarakurt, LightSpy and the DuKong framework.
By taking this online course you will:
You will immediately put your new knowledge to practice in our restricted virtual lab where you can safely reverse the dangerous malware samples we introduce you to.
Security Researcher
Victor Chebyshev is an experienced specialist with deep knowledge of Android, Linux and Mac OS malware. Victor regularly provides customer training on these subjects and has presented his malware research at various cybersecurity conferences, such as SAS and the RSA Conference.
Course Introduction. Introduction to the Virtual Lab
Mobile malware essentials: Android. Mobile malware essentials: iOS.
Introduction to DuKong. Solution: introduction to DuKong. Stager functionality. DuKong: payload decryption. Solution: decryption. DuKong payload analysis. DuKong: wrap-up
LightSpy: The Story. Solution: Surface Analysis. LightSpy Unpacking. LightSpy: Wrap-up
MagicKarakurt: The Story. Surface Analysis. Solution: Surface Analysis. Dive Into Native. Dynamic Config Dumping. MagicKarakurt: Wrap-up.
LightSpy iOS: The Story. Solution: Surface Analysis. Code Analysis. LightSpy iOS: Wrap-up. Course Summary.
Corporate IT security managers
Mobile malware poses a significant threat to enterprise IT networks – in the course we show practical techniques to deal with it. The course is a great tool to upgrade your security team’s ability to counter various cyber threats.
Reverse engineers and SOC professionals
Mobile malware has its own unique features which attackers use in their activities. The knowledge gained on this course will take your professionalism to the next level.
Guided video lectures
Learn from well-explained videos by a top expert on mobile malware, who shares his practical experience and hacks.
Hands-on virtual lab
Practice in our fully configured virtual lab to tinker with the malware samples and get the best of them.
Structured flow
The course is built around progressive learning with a consistent module framework. Each module is based on a specialist overview of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
It will take you approximately 3.5 hours to watch the videos
PDF downloads of training materials & tips
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
Leading security researcher of mobile malware
20+ videos to guide you through the course
100 hours of virtual lab time for hands-on learning
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Reverse engineering
This course is your gateway to unlocking the full potential of a powerful reverse engineering tool Ghidra for advanced malware analysis.
Reverse engineering
Strengthen your skills in advanced static techniques, get to know decrypting frameworks to automate your tasks to make your reversing skills unique!
Reverse engineering
Get first-hand knowledge and best practices from exclusive research of 10 targeted malware cases used in the wild by powerful APT actors.
Participants ‘learn by doing’, using the hands-on virtual lab to work on fresh targeted malware samples used in the wild by powerful APT actors.
Get to know the advanced features of tools like IDA Pro and develop up-to-date knowledge through recent APT cases.
Kaspersky experts have poured more than 10 years of reverse engineering experience and their exclusive research into the course.
Intermediate
$1,400 $1,120 inc. tax per learner
Prerequisites
“The online format of Kaspersky’s training helps more engineers upgrade their reversing skills and become confident users of our software disassembly product, IDA Pro.”
Skilled reverse engineers aren’t born – they’re made by experience. If you are a cybersecurity specialist with a good understanding of malware analysis methodologies & tools and are looking for more confidence in applying your skills, you can bridge the gap by working hands-on with real-life cases.
With this challenge in mind, our intermediate-level course is built around analysis of 10 targeted malware cases recently used in the wild by powerful APT actors. Cases including MontysThree, LuckyMouse & Lazarus have been researched personally by our trainers as part of their work in the Kaspersky GReAT team – so you will get first-hand knowledge and best practices from their exclusive research.
By working in the dedicated virtual lab, using an array of tools like IDA Pro, Hex-Rays decompiler, Hiew, 010Editor and many others, you will gain practical experience analyzing real-life targeted malware and will become a more efficient malware analyst and reverse engineer and prove your skills are relevant to today’s threat landscape.
Security Researcher
Denis Legezo is a GCFA-certified Security Researcher. He specializes in targeted attack research and static reverse engineering. Denis regularly provides training on these subjects and has presented his targeted malware research at SAS, RSA Conference, Virus Bulletin and HITB.
Security Researcher
Ivan Kwiatkowski is an OSCP and OSCE-certified penetration tester and malware analyst. He maintains an open-source dissection tool for Windows executables and his research has been presented during several cybersecurity conferences. He operates an exit node of the Tor network and also delivers reverse-engineering training in Europe.
Meet your trainers and get to know the course in more depth. Then go into the Chafer APT case to learn more about encryption algorithms (Windows CryptoAPI) and how enumerators and debug data help to understand the code.
Combination of static and dynamic analysis: how to use disassembler and debugger in parallel & how to dump decrypted data from memory.
Exploited document analysis. The tricks in position-independent code. Get to know the exploit stages: egg-hunting, decryption, dynamic resolution of function addresses.
Meet interpreted code and understand how it differs from compiled code. Static and dynamic script deobfuscation.
Using IDA Pro’s scripting abilities to automate string decryption.
How LNK-based infection chains work and how to deobfuscate PowerShell scripts.
Reversing steganography algorithms, importing the custom structure descriptions, exporting embedded encryption keys and scratching the surface of C++.
Reverse-engineering x64 malware and reconstructing a custom network protocol from a malware sample.
Reverse-engineering Linux programs including backdoors and rootkits.
InfoSec professionals
The course is intended for security researchers and incident response personnel or students, malware analysts, security engineers, network security analysts, APT hunters and IT security staff working in SOCs who are seeking to expand their skills in reverse-engineering.
Enterprises
Whether you’re looking to up-skill your current cybersecurity or SOC team or create a new in-house unit, this course will considerably improve your organisation’s defences against targeted malware.
Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills to be able to offer malware analysis services to their clients will also benefit from this course.
Video lectures featuring Kaspersky researchers
Learn from Ivan Kwiatkowski and Denis Legezo, Security Researchers.
Hands-on virtual lab
Learn how to use tools like IDA Pro through real targeted malware cases like Lazarus, LuckyMouse and MontysThree in our fully configured virtual lab.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
6 months to complete your course from activation of your access code
Courses delivered in English with subtitles
Self-guided learning that fits around your life
100 hours of virtual lab time for hands-on learning
PDF downloads of training materials & tips
Browser-based via desktop, mobile & tablet
Ivan Kwiatkowski and Denis Legezo, Security Researchers at Kaspersky GReAT
Over 50 videos to guide you through the course
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
Reverse engineering
This course is your gateway to unlocking the full potential of a powerful reverse engineering tool Ghidra for advanced malware analysis.
Reverse engineering
Strengthen your skills in advanced static techniques, get to know decrypting frameworks to automate your tasks to make your reversing skills unique!
Reverse engineering
The course features static and dynamic analysis of some outstanding and unique mobile malware including Android and iOS samples.