Malware Analyst Professional Course Level 1 Trainsec
$350 or 3 × $121

Malware Analyst Professional - Level 1

In this malware analysis and reverse engineering course, you will delve into the inner core of dissecting different malware types and variants, understand the adversarial mindset behind them and the used TTPs. At the end of the course, you will gain the power and knowledge to win any malware coming your way.

56 Lessons | Community access

Lifetime access

$350

or $121 x 3 installments
  • Full Lifetime Access
  • 14 Day Money-Back Guarantee
  • Installments available
  • Online community
Buy Now
Download Syllabus
blue depth

Level Up Your Skills with Our Malware Analysis Course!

This course lays the groundwork for mastering malware analysis. Gain essential skills, earn certification, and launch your cybersecurity career with confidence!

Hands-On Experience

Gain practical experience through hands-on labs and real-world case studies, allowing you to apply theoretical knowledge to practical scenarios. Develop the confidence and proficiency to analyze and combat various types of malware effectively.

In-Demand Skills

Acquire the specialized skills and knowledge needed to excel in the dynamic field of cybersecurity. Our comprehensive curriculum covers the latest malware analysis techniques, ensuring you stay ahead of the curve in this rapidly evolving industry.

Lifetime Access to Resources

Enjoy lifetime access to course materials, updates, and resources, ensuring you stay current with the latest trends and developments in malware analysis. Continue to refine your skills and knowledge long after completing the course.

Certificate of Completion

Upon successful completion of the course, you’ll receive a prestigious certification that is widely recognized and respected by employers worldwide. Stand out from the crowd and showcase your expertise as a certified malware analyst professional.

Career Advancement Opportunities

Open doors to exciting career opportunities in cybersecurity with our malware analyst professional certification. Whether you’re looking to advance in your current role or transition to a new career path, our training program equips you with the skills and credentials needed to succeed.

Exclusive Online Community

Connect with industry professionals and fellow students through our exclusive online community. Share insights, collaborate on projects, and expand your professional network to enhance your career prospects.

Personalized Support

Receive personalized support from our team of experienced instructors who are dedicated to your success. Get answers to your questions, guidance on challenging concepts, and tailored feedback to help you excel in your studies.

threatzone-logo-dark (1)

Exclusive for TrainSec students

Ever wanted to work with Threat.Zone? The time is now!

20% off for Malware analyst professional students.

With features like MemProcFS for analyzing memory dumps, CDR for sanitizing files, and CSI tools for digital forensics, Threat.Zone provides a powerful environment for malware analysis and security investigations.
Apply for a discount
Uriel Kosayev

Uriel Kosayev

Security Researcher, Trainer & Speaker | Author of the Antivirus Bypass Techniques book & founder of TrainSec

@MalFuzzer

Cybersecurity researcher and red teamer who lives both on the offensive and defensive fronts. The author of the “Antivirus Bypass Techniques”, “Malware Analysis On Steroids” books, expert in malware research, reverse engineering, penetration testing, digital forensics, and incident response.

Uriel’s publications

Uriel Kosayev
Twitter Linkedin Youtube Github
Uriel's Courses
Antivirus Bypass Techniques book

Only for students in this course

30% off Antivirus Bypass Techniques book

Learn practical techniques and tactics to combat, bypass, and evade antivirus software Enroll in this course and receive a 30% discount on the best-seller Antivirus Bypass Techniques book.

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and take you through a series of antivirus bypass techniques that will enable you to bypass antivirus solutions.

Apply for a discount

Are you a freelancer or an individual student?

Contact us to receive more affordable personal pricing.

Apply for a discount

Trusted by 7,348 students and companies

Sentinel one logo white
microsoft logo white
google logo white
mandiant logo white
intel logo white
cisco white logo tr
citibank logo white
alfa bank logo white
malwarebytes logo white
proofpoint logo white
epam logo white
Sentinel one logo white
microsoft logo white
google logo white
mandiant logo white
intel logo white
cisco white logo tr
citibank logo white
alfa bank logo white
malwarebytes logo white
proofpoint logo white
epam logo white

What you will learn in the course

  • Lab hardening with Flare-VM and INetSim isolation
  • Compile-to-assembly mapping for fast code recognition
  • Reading PE headers and directory tables confidently
  • Static triage—hashes, strings, entropy, packer spotting
  • Unpacking UPX and custom shells to retrieve payloads
  • High-resolution dynamic telemetry via Procmon and API hooks
  • Network forensics and PCAP correlation with sandbox events
  • Debugger-guided runtime analysis of FlawedAmmyy RAT
  • Crafting precise YARA rules from reversed code patterns
  • Dissecting PDF & VBA exploits for document-borne threats

Pre-requisites:

  • Solid C/C++ basics and comfort using Visual Studio
  • Working knowledge of Windows internals (processes, memory, registry)
  • Familiarity with command-line tools and scripting (PowerShell or Python)
  • A Windows 10/11 64-bit VM with Administrator rights for labs
  • Basic grasp of network protocols (TCP, HTTP, DNS) for PCAP analysis

Chapters included in this course

Download Syllabus

Malware Analyst Professional - Level 1: Course contents

Malware Analyst Professional – Level 1 is a hands-on journey from “sample received” to crystal-clear intelligence. Across six tightly sequenced modules, you will build a safe Flare-VM lab, compile and reverse C programs, decode PE headers, master rapid static triage and unpacking, capture every runtime artefact with Process Explorer, Procmon, and live debugging, and finally dissect real-world document exploits and VBA macros. Each step pairs theory with guided labs, culminating in a full static + dynamic analysis of the FlawedAmmyy RAT and custom YARA rules you can deploy the same day. Whether you’re aiming for SOC enrichment, incident response, or threat-research roles, this course equips you with repeatable workflows and open-source tooling to turn unknown binaries into actionable detection and defensive insight.

Module 1: Foundations & Lab Setup

Before diving into samples, you’ll build a safe playground. This opening module first clarifies what malware analysis is and how analysts balance static and dynamic techniques. Then you create the tools and perimeter you’ll rely on for the rest of the course: a Windows guest hardened with Flare-VM and INetSim. By the end, you have a throw-away, isolated environment where malicious binaries can run freely while their every move is recorded, your essential springboard for all future labs.

Module 2: From Source to Assembly: Building & Peeking Inside C Programs

Malware rarely ships with source code, yet knowing what typical C constructs look like in a disassembler is the analyst’s first superpower. In this module, you install a properly tooled Visual Studio, review the compile-link-load-runtime pipeline, and write a simple program while playing with some compiler options to see how each flag reshapes the PE file. Then you flip perspectives: load the freshly built binary into IDA/Ghidra, trace its functions, and correlate assembly patterns back to their C origins. By the end, you’ll grasp how everyday coding choices surface in machine code, knowledge that lets you recognise, label, and reason about unknown malware far faster in later modules.

  • 1 - Installing Visual Studio.mp4 • 4 mins • 23.4 MB
  • 2 - The four stages of Development.mp4 • 5 mins • 14.9 MB
  • 3 - Basic C Code Example - Part 1.mp4 • 7 mins • 24.6 MB
  • 4 - Basic C Code Example - Part 2.mp4 • 11 mins • 66.5 MB
  • example1.c • 720 Bytes
  • example2.c • 2.39 KB
  • 5 - Basic Reverse Engineering - Part 1.mp4 • 25 mins • 138 MB
  • 6 - Basic Reverse Engineering - Part 2.mp4 • 5 mins • 30.2 MB

Module 3: Peering into Portable Executables

Every Windows binary, benign or malicious, travels as a Portable Executable. This module equips you to read that blueprint like a map. You’ll learn the hierarchy of headers that the OS loader trusts, follow RVAs to real bytes on disk, and inspect the import, export, and other intricate parts of the PE file format that reveal a program’s intentions. Finally, you’ll contrast EXE and DLL flavours so you can spot masquerading tricks attackers love. With this knowledge, any sample you meet later in the course will feel less like a black box and more like a well-labelled puzzle you already know how to solve.

  • 1 - PE Structure Overview - Part 1.mp4 • 13 mins • 145 MB
  • 2 - PE Structure Overview - Part 2.mp4 • 14 mins • 81.9 MB
  • 3 - PE-exe vs. PE-dll.mp4 • 8 mins • 46 MB

Module 4: Static Triage, Unpacking & Real-World Walk-Through

Speed is everything when a suspicious file lands on your desk. This module teaches you to confirm maliciousness and extract intelligence within minutes, before you ever press Run. You’ll translate AV labels, separate quick-burn IoCs from behaviour-rich IoAs, fingerprint samples by type, hash, and embedded strings, and pierce common packers to reveal true payloads. Then you will practise turning authoritative docs and API references into instant insight and apply the full workflow to a live FlawedAmmyy RAT: unpack it, map its C2 logic, flag persistence tricks, and save your progress in IDA for future use. After this module, you’ll wield a repeatable static-analysis playbook that delivers actionable results fast and sets you up for deeper dynamic or reversing tasks ahead.
  • 1 - Purpose and Goals of Malware Analysis.mp4 • 5 mins • 16 MB
  • 2 - Understanding Signature Names and VirusTotal Overview.mp4 • 12 mins • 67.8 MB
  • 3 - IoC vs. IoA.mp4 • 8 mins • 58.3 MB
  • 4 - Identifying File Types.mp4 • 5 mins • 31.1 MB
  • 5 - Calculating Hashes.mp4 • 11 mins • 65.5 MB
  • 6 - Strings Extraction.mp4 • 6 mins • 35.4 MB
  • 7 - Packing Analysis - Part 1.mp4 • 9 mins • 53.3 MB
  • 8 - Packing Analysis - Part 2.mp4 • 15 mins • 90.4 MB Preview
  • 9 - Packing Analysis - Part 3.mp4 • 4 mins • 15.1 MB
  • 10 - Identifying Malicious Functionality.mp4 • 10 mins • 55 MB
  • 11 - Approaching and Reading Documentations.mp4 • 10 mins • 60.8 MB
  • 12 - Dissecting FlawedAmmyy - Part 1.mp4 • 26 mins • 211 MB
  • 13 - Dissecting FlawedAmmyy - Part 2.mp4 • 26 mins • 160 MB
  • 14 - Saving your RE progress to an IDB File.mp4 • 2 mins • 9.72 MB

Module 5: Live Behaviour & Dynamic Reverse Engineering

Static clues only go so far; eventually, you must watch malware run. In this module, you build a layered toolkit, Process Explorer, Process Hacker, Procmon, API Logger, CMD Watcher, and IDA debugger, to capture every file write, registry tweak, API call, and decrypted string in real time. You will rehearse on generic samples, then tackle the FlawedAmmyy RAT end-to-end: correlate PCAP traffic with sandbox telemetry, single-step through its remote-control routines, and harvest IOCs straight into custom YARA signatures. By the end, you’ll wield a repeatable dynamic-analysis workflow that turns chaotic runtime behaviour into precise, automatable detections.
  • 1 - Introduction to Dynamic Analysis.mp4 • 29 mins • 129 MB
  • 2 - Working with Process Explorer.mp4 • 10 mins • 58.2 MB
  • 3 - Extracting IoCs using Process Hacker.mp4 • 6 mins • 39.3 MB
  • 4 - Working with Procmon.mp4 • 11 mins • 68.7 MB
  • 5 - Monitoring WinAPI Functions using API Logger.mp4 • 3 mins • 10.4 MB
  • 6 - Inspecting Process Command Line Parameters using CMD Watcher.mp4 • 7 mins • 37 MB
  • 7 - Debugging DLL Files with IDA Disassembler.mp4 • 5 mins • 13.4 MB Preview
  • 8 - FlawedAmmyy RAT - Attack Flow PCAP Analysis Overview.mp4 • 16 mins • 90.7 MB
  • 9 - FlawedAmmyy RAT Dynamic Analysis .mp4 • 23 mins • 185 MB
  • 10 - FlawedAmmyy RAT Dynamic Reverse Engineering - Part 1.mp4 • 28 mins • 208 MB
  • 11 - FlawedAmmyy RAT Dynamic Reverse Engineering - Part 2.mp4 • 27 mins • 212 MB
  • 12 - Detecting FlawedAmmyy RAT with YARA.mp4 • 25 mins • 120 MB

Module 6: Dissecting Malicious Documents: PDFs & Office Macros

Email-borne documents are still the easiest way into an enterprise, so an analyst must tear them apart quickly and safely. In this module, you first learn the anatomy of PDFs, objects, actions, and embedded JavaScript, then tackle a historic yet instructive Adobe Reader exploit, carving out the payload byte-by-byte. Shifting to Office files, you explore how VBA macros, enumerate suspicious modules, and trace obfuscated code that injects shellcode straight into memory. By the end, you’ll wield a toolkit and workflow for spotting, extracting, and neutralising malicious document payloads long before a victim can click “Enable Content.”
  • 1 - Introduction to Malicious Documents.mp4 • 8 mins • 24.6 MB
  • 2 - Introduction to Analyzing Malicious PDF Files.mp4 • 3 mins • 9.31 MB
  • 3 - Analyzing the CVE-2008-2992 PDF Exploit.mp4 • 6 mins • 31.2 MB
  • 4 - Analyzing VBA Macros - Introduction.mp4 • 6 mins • 19.2 MB
  • 5 - Analyzing VBA Macros - Shellcode Injection.mp4 • 15 mins • 101 MB

Malware Lab Samples

Here you can download all the relevant samples so you can reproduce the analysis steps with me together.

  • 404 Not Found - Isn't that a Mystery?!
  • space1 - FlawedAmmyy.zip • 108 KB
  • Malicious Documents Lab Samples.zip • 839 KB

YARA Rules

Here you can download all the relevant samples so you can reproduce the analysis steps with me together.

Students Testimonials

“I want to say that Uriel Kosayev is one of the best researchers in the industry, with a lot of experience in the field of investigations and reverse engineering, I learned a lot from him. In addition, he has one of the best books on the market that teaches anti-virus bypass methods. I recommend everyone to acquire knowledge from Uriel!”
Omer Dahan
Omer DahanMobile Security Researcher at Appdome
“Uriel is one of the best Cybersecurity trainers among all the people I have ever met. A rare combination of professionalism and high-quality delivery excellent and creative ways he delivers the material. On top of that, if you will ever be a student in his class, I can guarantee you that he will explain to you till you finally understand the learned material. A great lecturer and mentor!”
Sahar Shlichove
Sahar ShlichoveSenior SOC Analyst at TrustNet
“I highly recommend Uriel as a Cybersecurity Specialist. I had the privilege of participating in his training session – it was an exceptional experience! Uriel delivered practical insights that significantly enhanced my and my Team's knowledge and skills in the field. The training was well-structured, engaging, and tailored to the latest industry trends. I am grateful for the opportunity to learn from Uriel and would eagerly participate in any future training sessions organized by him.”
Maria Korlotian
Maria KorlotianDevelopment Team Leader at Mend
“I took the Certified Malware Analyst Professional. Uriel is a great instructor, goes into the fine details of subjects, and answers questions with attention. I recommend the course for anyone looking to get into malware reverse engineering and perform malware analysis of samples. The skills obtained have helped with studying different Windows mechanisms as well as developing custom malware.”
Yehuda Smirnov
Yehuda SmirnovRed Team Security Researcher @ Accenture | Penetration Tester
“Uriel is the best cyber instructor I have ever met. he has a very interesting way of communicating and teaching his knowledge. Besides his Antivirus Bypass Techniques book that was written by him is a POWERFUL book with tons of knowledge that helped to set me ahead in my career. it has been a pleasure being your student Uriel.”
Adam Joron
Adam JoronSenior IT Specialist, Security+ certified.
Malware Analyst Professional Course Level 1 Trainsec
$350 or 3 × $121

Malware Analyst Professional - Level 1

56 Lessons | Community Access

In this malware analysis and reverse engineering course, you will delve into the inner core of dissecting different malware types and variants, understand the adversarial mindset behind them and the used TTPs. At the end of the course, you will gain the power and knowledge to win any malware coming your way.

Enroll Now

Useful Resources

Pavel’s GitHub
Pavel’s Books
Uriel’s GitHub
Antivirus Bypass Techniques Book

Learning Paths

Windows Master Developer
Windows Internals Master
Windows Security Researcher
Hardware Hacking Expert

Let's Connect

Contact Us
Join our Discord community

@2025 TrainSec. All rights reserved. Terms of Use | Privacy Policy