Summary

This 1-day course is ideal for intermediate or advanced level IDA users. The training is structured similarly to a standard analysis workflow It starts with identifying and unpacking malware, including basic and sophisticated packers, while tackling common scenarios encountered in the process. Attendees will learn to work through defeating API hashing and string encryption within malware, leveraging plugins, and building their own custom tooling with IDA Python. From there, the session will conclude with gaining additional insights into analyzing further advanced malware techniques such as AV evasion, anti-analysis tactics, and advanced injection methods.

Duration

1 day

Delivery mode

Online, Instructor-Led

Level

Advanced

Price

1399 VAT excl.

Session 1: Unpacking Malware

Approx. 2h
  • Identifying packers
    • Techniques for detecting packers via binary metadata
  • Unpacking basic packers
    • Overview of common packer structures
    • Standard approaches for unpacking
  • Unpacking advanced packers
    • Evaluating unpacking difficulty using sample metadata
    • Handling second-stage obfuscation, such as API wrappers

Session 2: Reversing Malware Obfuscation

Approx. 2.5h
  • Dynamic API Imports
    • Concepts of dynamic API imports and API hashing
    • Strategies for resolving API hashes
    • Utilizing IDA Python for API brute-forcing and resolution
  • String Encryption
    • Detecting string encryption in samples
    • Identifying encryption algorithms
    • Techniques for decrypting encrypted strings
    • Leveraging IDA Python to decrypt all embedded strings

Session 3: Identifying Malware Anti-Analysis/Anti-AV

Approx. 2h
  • ETW Bypasses
    • Introduction to Event Tracing for Windows (ETW)
    • The necessity for malware to evade ETW
    • Analysing ETW bypasses/evasion
  • API Unhooking
    • Overview of basic API hooking
    • Understanding Endpoint Detection and Response (EDR) hooks on low-level libraries
    • Reversing methods malware uses to unhook APIs
  • Syscalls
    • Explanation of Windows syscalls
    • Common usage scenarios of syscalls in malware
    • Identifying syscall usage
    • Reversing syscall functionality
  • Generic Advanced Anti-Analysis
    • Code checksums for tamper detection
    • Breakpoint checks & circumventing them
    • Understanding and potentially breaking environment keying

Good stuff. Good trainer. All in all great with a very deep dive into the technical details and absolutely worth attending.

Prerequisites

Computer Requirements
System & Tooling Requirements
  • Has IDA installed with a valid license for at least the Disassembler and a minimum of 1 Decompiler - we can provide a license for training if need be
  • Runs Windows (Intel), Linux (Intel), or macOS (ARM or Intel) matching your IDA license
  • Has IDAPython (Python 3.8+) installed
  • Has a stable internet connection
  • Can join Google Meets video conferencing, preferably with an active microphone, but not required

Enroll to one of our next sessions

Advanced: Malware Techniques

Nov 4, 2025 10:00 UTC+1 (Paris)

Enroll now

Advanced: Malware Techniques

Dec 2, 2025 10:00 UTC-5 (New York)

Enroll now

Trainer

Daniel B.

Daniel spends his days as a Principal Malware Reverse Engineer, predominantly focused on E-Crime malware, occasionally branching out to APT. Outside of his day job, he runs 0ffset Training which offers practical and affordable cyber security training, with a primary specialization in malware analysis and malware reverse engineering - he co-developed the Zero2Automated course. Outside of malware, he's interested in exploit development and threat intelligence.

Daniel is a longtime IDA user with over 7 years under his belt (keyboard?), mostly focused on the static analysis side of the house. He’s going on his second year of teaching our Advanced Malware class.

Products

IDA Home
IDA Pro
IDA Free
IDA Classroom
IDA Pro OEM
Private Lumina Add-on
Teams Add-on
Training courses

Case studies

Malware Analysis & Digital Forensics
Vulnerability research & penetration testing
Dynamic Analysis & Debugging
Automotive Security
Interoperability
Software Assessments

Classroom

IDA Classroom Free
Classroom discount for IDA Pro

Resources

Documentation
Forum
Blog
Community plugins

Pricing

For organizations
For individuals
For education providers
Our reseller partners

Company

About us
Careers
Privacy notice
Terms of use
Cookies notice
Contact us

Connect with the community on

X Mastodon LinkedIn YouTube

© 2025 Copyright Hex-Rays