We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.

Accept and Close

Contact us

Ask a question?

If you want to know anything about the course, we’re here to help.


Go to the Codebreakers competition here

Advanced Malware Analysis Techniques

Course overview

Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level-up their work on cybersecurity incidents and become unique experts.

The main focus of the course is advanced static analysis because for cybersecurity incidents involving previously unseen malicious code, this is the most reliable way to determine functionality of the code and find actionable artefacts. It allows organizations affected by APTs to define adequate damage assessment and incident response.

The course also heavily features our exclusive know-hows on the automation of decryption, decoding and other processing of the samples which helps not only optimize routine tasks, but preserves your work in the code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient during decades of Kaspersky APT research.

Igor Kuznetsov, the course author, has participated in Kaspersky research on the most notorious APT campaigns. He has cherry-picked exercises from his own work to cover generic approaches to analysis in IDA Pro, using all important features and also to demonstrate unique cornerstone cases that require special treatment, which will super- charge your skills for the future.

Welcome to the elite club of malware researchers!

100% practical and real-life

Participants ‘learn by doing’ using the hands-on virtual lab to practice on malware samples used in the wild by powerful APT actors.

Advance your static malware analysis

Strengthen your skills with advanced static analysis techniques, get to know decrypting frameworks to automate your tasks to make your reversing skills unique!

Learn with the best

Igor Kuznetsov is a Chief Security Researcher at Kaspersky. He participated in Kaspersky research on the most notorious APT campaigns and he’s packed the course full of his expertise and exclusive techniques.

All Levels



$2,700 inc. tax per learner  

Enroll my team
Request demo access

Training objectives:

By the end of this training you will be better able to:

  • Analyze modern complicated code samples, from receiving the initial artefact, all the way to producing a technical description of the attacker’s TTPs with IOCs
  • Produce static decryptors for real-life scenarios and then continuing with in-depth analysis of the malicious code
  • Analyze malicious documents that are typically used to deliver initial payloads and know how to extract them
  • Ensure damage assessment and incident response efforts are accurate and effective

Key topic areas:

  • In-depth analysis of disassembled code
  • Identification of common cryptographic algorithms
  • Developing own decryptors for common scenarios
  • Automating common reverse engineering tasks
  • Analyzing exploit payloads
  • Recognizing typical code constructs
  • Class and structure reconstruction
  • Analyzing decompiled bytecode
  • Dynamic unpacking, decryption
Igor Kuznetsov

Your course leader

Igor Kuznetsov,

Chief Security Researcher

Igor is the Chief Security Researcher in the Global Research & Analysis Team (GReAT) at Kaspersky. He has more than 20 years of reverse engineering experience.

Igor specializes in investigating malware campaigns and reverse engineering advanced malware. His areas of expertise include cyber-espionage and highly-targeted attacks, advanced threat actors and APTs; cyber-warfare, cyber-weapons such as Stuxnet, Duqu, Flame, Gauss; ATM security. Igor regularly provides training sessions on advanced malware analysis.

Who it's for


InfoSec professionals
The course is intended for established reverse engineers, incident responders and digital forensics practitioners seeking to level up their work with cybersecurity incidents.


After completing this training your cybersecurity or SOC team will be able to implement full dynamic and static analysis of malware efficiently, automate routine tasks and find detailed actionable items for protection of your organization & incident response.

Cybersecurity Consultancies

Cybersecurity consultancies
Specialist consultancies who need to train their team on relevant practical skills will also benefit from this course: their personnel will level up and will be able to create more effective cybersecurity products and malware analysis services for clients.

How you'll learn


Guided video lectures
Learn from Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team.

Active Learning

Hands-on virtual lab
Practice in our fully configured virtual lab on real targeted malware cases like Lazarus, Sofacy, Regin, Equation, RedOctober, Miniduke and Carbanak.

Virtual Lab

Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.


What you will reverse:

  • Real-life malware from APT cases
  • x86/64 Intel code
  • Windows PE (including Go), Mac OS X Mach-O files, raw shellcode for Windows
  • RTF, OLE2, PDF documents
  • .NET and Python bytecode

How you will reverse:

  • Static analysis mostly, dynamic analysis exercises are present as well
  • Primary tool: IDA Pro
  • Automation using Python 3
  • Most tracks include code templates that need to be filled in / modified to solve the exercises
  • The scripts are written in Python 3 and most are standalone, but several IDAPython scripts are also included in the exercises

Benefits for you

While samples cannot be downloaded, you can download static analysis framework, scripts from the exercises and the training materials.

Access Icon
6 months to complete your course from activation of your access code Bullet Tick
Pace Icon
Courses delivered in English with subtitles Bullet Tick
Course Duration
Self-guided learning that fits around your life Bullet Tick
Browser-based access to virtual lab
100 hours of virtual lab time for hands-on learning Bullet Tick
Downloads Icon
Static analysis framework, scripts from exercises and training materials are available for download Bullet Tick
Mobile Access
Learning environment
Browser-based via desktop, mobile & tablet Bullet Tick
Course Author
Course author
Igor Kuznetsov, Chief Security Researcher at Kaspersky GReAT Bullet Tick
Guided Videos Icon
Guided videos
About 60 videos to guide you through the course Bullet Tick
Technical Support Icon
Platform support
Platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com Bullet Tick
Dollar Icon
Special offer
If you’re already an xTraining learner then contact us at help.kaspersky.com for a special discount Bullet Tick
Certification Icon
Certificate of completion
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) Bullet Tick

$2,700 inc. tax per learner   

Enroll my team
Request demo access