Malicious Document Analysis Training

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

You have been recruited as the head of information security of a reputable organization with over 125,000 hosts and 50,000 users. The organization has invested in top-of-the-line perimeter defenses, including firewalls, intrusion detection and prevention systems, virtual private networks (VPNs) and content filtering technologies. The organization also has "well trained" incident responders and intrusion detection analysts who monitor the entire network vigilantly. Employees are regularly trained on handling email attachments, even though attachments are also scanned by the content filtering technologies that you just purchased and deployed.

The perimeter defenses are configured with very simple but stringent rule-sets to prevent cyber adversaries from infiltrating your network. Everything is going well when, on the eve of your long-planned Mediterranean cruise, you receive a call stating that several employees have received suspicious documents through email and web downloads. You direct the security team to scan the documents for a possible virus, but no virus is detected. Soon the team observes strange command-and-control communications being initiated from the user systems to an IP address in a foreign country. Unfortunately, the cable news networks are covering the cyber intrusion of your organization, and your career is at stake for not preventing this attack in the first place.

Although no anti-virus software was able to detect any malware, your analysts have captured the suspicious document, but they lack the knowledge and resources to provide prompt answers to the pointed questions being asked by upper management. Do you have the requisite skills to provide quick and accurate answers pertaining to the above incident and to mitigate future attempts?

Cyber attackers now use malicious documents as an attack vector to bypass enterprise perimeter defenses and anti-virus solutions. NetSecurity's Hands-On How-To® Malicious Document Analysis course teaches students how to analyze malicious documents such as Microsoft Office and Adobe Acrobat PDF files for the presence of hidden malware. Course participants learn the tools and techniques for reverse-engineering malicious documents and for finding and extracting hidden code, shellcode, JavaScript, and VBA macros from an infected document. Students also learn how to disassemble and examine this malicious code to understand its intent and capabilities. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible, world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malicious Document Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Malicious Document Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructors
  • Hands-On How-To® Lab Exercises performing malicious code analysis

Course Duration: One (1) Day

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Malicious Document Analysis course, each participant will be armed with the knowledge, tools, and processes required to analyze malicious Microsoft Office and Adobe PDF files for the presence of hidden malware. Students learn the tools and techniques for disassembling and reverse-engineering malicious documents and for finding and extracting hidden code, shellcode, JavaScript, and VBA macros from an infected document. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Topics Discussion and HOHTLEs
    • Document Structures
      • PDF Document Structures
      • Microsoft Office Document Structures
    • Document Vulnerabilities
      • PDF Vulnerabilities
      • Potentially Dangerous PDF Functions
      • Office Document Vulnerabilities
    • Tools of the Trade
      • OfficeMalScanner
      • MalHost-Setup
      • Offvis
      • PDFiD
      • PDF-parser
      • Origami (Walker, PDFscan, Extractjs)
      • Malzilla
      • DisView
      • PDF StructAzer
      • Many more
    • Malware Extraction
      • Malware Codes/Specimens (Shellcode, JavaScript, and VBA macros)
      • Locating Malicious Code in a Document
      • Extracting Malware from PDF Documents
      • Extracting Malware from Office Documents
      • Extracting Infected Documents from RAM
    • Malware Analysis
      • Static Analysis of a Malware Specimen
      • Dynamic Analysis of a Malware Specimen
      • Reverse-Engineering and Disassembling Malware

Course Schedule and Registration:

Course schedule and registration information is available here.