Malware Analysis Professional Course Level 2 Trainsec
$350 or 3 × $121

Malware Analyst Professional - Level 2

Take your malware analysis skills to the next level with Malware Analyst Professional Level 2! Led by Uriel Kosayev, founder of TrainSec Academy, this course dives into advanced malware dissection, attacker methods, and reverse engineering tools like IDA Pro and x64dbg. Covering x86 architecture, Windows API analysis, code injection, packed malware, and shellcode, it equips you to excel as a professional malware analyst.

58 Lessons

$350

or $121 x 3 installments
Uriel Kosayev

Security Researcher, Trainer & Speaker | Author of the Antivirus Bypass Techniques book & founder of TrainSec

Cybersecurity researcher and red teamer who works on both the offensive and defensive fronts. Author of the “Antivirus Bypass Techniques” book and an expert in malware research, reverse engineering, penetration testing, digital forensics, and incident response.

Antivirus Bypass Techniques book

Only for students in this course

30% off Antivirus Bypass Techniques book

Learn practical techniques and tactics to combat, bypass, and evade antivirus software. Enroll in this course and receive a 30% discount on the best-selling Antivirus Bypass Techniques book.

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution, as certain changes can trick the antivirus and pose a risk to users. This book will help you gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.

Malware Analyst Professional Level 2 Course Contents

Take your malware analysis skills to the next level with Malware Analyst Professional Level 2, the ultimate course for mastering advanced malware dissection and reverse engineering.

Building on the foundational knowledge from Level 1, this program, led by Uriel Kosayev—founder of TrainSec Academy and an expert malware researcher—dives deep into the techniques and tools used to analyze and counter sophisticated cyber threats. The course begins by solidifying your understanding of reverse engineering, exploring x86 architecture, assembly language, memory layouts, and debugging techniques using tools like IDA Pro and x64dbg. You’ll gain practical insights into analyzing Windows API functions, understanding their role in malware behavior, and utilizing resources like MSDN documentation for in-depth analysis.

Delving into offensive tactics, the course covers code injection techniques, including CreateRemoteThread and process hollowing, providing hands-on examples of how malware manipulates processes.

You’ll also explore the self-defense mechanisms of malware, such as anti-debugging, anti-virtual machine detection, and anti-antivirus strategies, learning to identify and overcome these countermeasures. A key focus is unpacking packed malware, where you’ll practice manually unpacking real-world examples like the WannaCry ransomware and packers like UPX, PECompact, and ASPack. Finally, you’ll master shellcode analysis, dissecting and reverse engineering malicious payloads to uncover their functionality and impact.

By the end of this comprehensive program, you’ll have the expertise to dissect complex malware, understand attacker methodologies, and use industry-standard tools effectively. This course is your gateway to becoming a highly skilled malware analyst, ready to tackle the most challenging cybersecurity threats.

Chapters included in this course

Introduction to Reverse Engineering

This section lays the foundation for reverse engineering in the context of malware analysis. It begins with a course overview by Uriel Kosayev, detailing the advanced topics to be covered. The lessons then introduce reverse engineering as the process of uncovering the inner workings of software, using tools such as disassemblers, decompilers, and debuggers. Core concepts of x86 architecture, including CPU components, memory layouts, and the interaction between RAM, the CPU, and registers, are explained in detail. Further, the section delves into assembly language operations like PUSH, POP, and control flow instructions, emphasizing their importance in analyzing malicious binaries. The final lesson explores bitwise operations (AND, OR, NOT, XOR) and their applications, providing practical examples to enhance understanding. By the end of this section, students acquire a solid technical foundation for diving deeper into malware reverse engineering.

Understanding Windows API Functions

This section explores the critical role of Windows API functions in malware analysis and reverse engineering. It begins with an introduction to how these functions serve as a bridge between software and the operating system, enabling processes to interact with system resources. Students learn to configure debug symbols to enhance the debugging experience and navigate MSDN documentation to understand API functions effectively. Advanced lessons delve into analyzing API calls, identifying their purpose, and using tools like IDA Pro and x64dbg to trace their execution. By the end of this section, students gain a comprehensive understanding of Windows APIs and their significance in dissecting malware functionality.

Code Injection

This section dives into the techniques and mechanisms of code injection, a common tactic used by malware to manipulate processes. It starts with an introduction to the concept of code injection and its relevance in cybersecurity. Lessons cover the classification of various injection methods, including their characteristics and use cases. The section provides an in-depth exploration of process injection techniques, such as CreateRemoteThread, which allows injecting code into remote processes, and Process Hollowing, a method for replacing legitimate code with malicious payloads. These techniques are broken down into practical steps, with examples and tools to help students identify, analyze, and counteract such methods. By the end, students gain valuable skills to detect and understand code injection, a critical component of advanced malware analysis.

Dancing with Self-defending Malware

This section explores the sophisticated techniques used by malware to evade detection and analysis, equipping students with the skills to counter these defensive measures. The introduction sets the stage by explaining the concept of anti-analysis tactics employed by malware. Subsequent lessons dive into anti-debugging methods that hinder debugging tools, and anti-virtual machine (anti-VM) techniques that detect and avoid running in virtualized environments. Finally, the section addresses anti-antivirus (anti-AV) strategies, illustrating how malware bypasses traditional security software. Through practical examples and detailed explanations, students gain insights into recognizing and overcoming these self-defense mechanisms, a critical aspect of malware analysis.

Fighting Packed Malware to the Death

This section delves into the methods used to unpack and analyze packed malware, a common tactic employed by attackers to obscure their malicious code. The lessons start with an introduction to packers and the unpacking process, explaining how packing works and its role in hindering analysis. Students then analyze real-world examples, such as unpacking the infamous WannaCry ransomware, to understand these techniques in action. Practical sessions cover manual unpacking of malware packed with tools like UPX, PECompact, and ASPack, guiding students through the step-by-step process of bypassing these layers of obfuscation. By the end of this section, participants are equipped with the skills needed to effectively combat and analyze packed malware.

Malicious Shellcode Analysis

This section focuses on the analysis and reverse engineering of shellcode, a compact and powerful piece of malicious code used in exploitation. It begins with an introduction to shellcode analysis, explaining its purpose, structure, and role in cyberattacks. Subsequent lessons guide students through the reverse engineering process, covering practical techniques to dissect shellcode. Using step-by-step examples, the course demonstrates how to identify entry points, decode obfuscated instructions, and understand the payload’s functionality. By the end of the section, participants gain the expertise needed to analyze and counteract shellcode, a critical skill in advanced malware analysis and cybersecurity.

Ransomware Reverse Engineering

This section provides an in-depth exploration of ransomware analysis, focusing on the DarkSide ransomware. Through hands-on exercises, students delve into the techniques used by ransomware developers to obfuscate and encrypt malicious payloads. Lessons cover initial analysis, identifying packed or encrypted sections, and using tools like IDA Pro to unpack and analyze runtime code.

Key topics include dynamic API resolution, rebuilding the Import Address Table (IAT), and decrypting and parsing the resource sections. Students learn to track ransomware behavior, such as machine fingerprinting, privilege escalation, and encryption routines, while also exploring methods for taking memory snapshots and reconstructing decrypted code for static analysis. This section equips learners with practical skills to dissect and understand the tactics, techniques, and procedures (TTPs) of ransomware.

Reverse Engineering .NET Malware

This section focuses on analyzing .NET-based malware using advanced techniques. The lessons center on the SolarWinds Sunburst Backdoor, a sophisticated .NET-based threat. Students learn to decompile and examine malware using tools like dnSpy, explore function call trees, and uncover hidden malicious payloads embedded in legitimate code. Topics include understanding fingerprinting methods like concatenating machine GUIDs and MAC addresses, validating execution environments, and detecting domain-joined computers.

The course also covers how the malware conducts extensive enumeration of services, processes, and system drivers to evaluate attack viability and escalate privileges. Through step-by-step analysis, participants learn how the malware interacts with DNS and C2 servers, builds HTTP requests with disguised user agents, and exfiltrates config files containing sensitive system data. This section equips students with essential skills to dissect .NET malware and understand its stealth techniques.

Bonus Content

Student Testimonials

From Foundations to Advanced Expertise in Malware Analysis and Reverse Engineering

Master the Art of Malware Analysis with a Comprehensive Two-Part Course

Malware Analyst Professional Course Level 1 Trainsec
Malware Analysis Professional Course Level 2 Trainsec

The Malware Analyst Professional course is a complete training program divided into two parts: Level 1 and Level 2, designed to take you from beginner to advanced expertise in malware analysis and reverse engineering.

Starting with Level 1 is crucial, as it provides the foundational knowledge, tools, and techniques. Level 2 builds on this base, diving into advanced topics such as code injection, unpacking packed malware, analyzing shellcode, and overcoming self-defending malware.

Exclusive for TrainSec students

Ever wanted to work with Threat.Zone? The time is now!

20% off for Malware Analyst Professional students.

With features like MemProcFS for analyzing memory dumps, CDR for sanitizing files, and CSI tools for digital forensics, Threat.Zone provides a powerful environment for malware analysis and security investigations.