TN-999: Reverse Engineering Malware Course

Course Overview:

This course is designed for professionals that are expected to do malware analysis. A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics Reverse Engineering Malware.

Attendees to TN-999: Reverse Engineering Malware will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Toolkit and Lab Assembly
  • Malware Code and Behavioral Analysis Fundamentals
  • Malicious Static and Dynamic Code Analysis
  • Collecting/Probing System and Network Activities
  • Analysis of Malicious Document Files
  • Analyzing Protected Executables
  • Analyzing Web-Based Malware
  • DLL Construction and API Hooking
  • Common Windows Malware Characteristics in x86 Assembly
  • Unpacking Protected Malware
  • In-Depth Analysis of Malicious Browser Scripts, Flash Programs and Office
  • In-Depth Analysis of Malicious Executables
  • Windows x86 Assembly Code Concepts for Revers-Engineering Memory Forensics for Rootkit Analysis

Prerequisites:

  • Strong understanding of core systems and network concepts
  • Exposure to programming and assembly concepts
  • Comfortable with command line access

Comments

Latest comments from students

User: marcus.osullivan

Instructor comments: Good stuff. I like the beginning half where there was help from an additional instructor to facilitate fixing computer errors that inevitably popped up.

Facilities comments: The baby deer were neat! I like the resort.

Liked the class?  Then let everyone know!

Welcome to TechNow!

Welcome to TechNow! The Leader in Information Security Training & Computer Training.

The world of information security and computer training is ever changing.  The techniques and systems continue to evolve and we must stay current and diligent.  To do this, you can count on TechNow®…the leader in cybersecurity training and computer system training.

TechNow® has been training the leaders in the computer community for many years.  We provide training for students in a number of areas.  Our cybersecurity trainings include popular courses like D0D 8140, Security , CISM, CISSP, CEH,CCNA, and more.  With over 34 years of experience, we’re able to provide you with unmatched training and certification programs.

TechNow also provides a variety of other popular trainings for the computer professional including Cisco, EC-Council, CompTIA, Unix/Linux and more.

.

Search Our Site

Upcoming Events

  • IT-113: IT Infrastructure Library (ITIL) v4 – Foundations Course
    • 08/04/2025 – 08/08/2025
    • San Antonio
  • PM-325: Project Management Professional (PMP) Exam Preparation
    • 08/04/2025 – 08/08/2025
    • San Antonio
  • N-305: CCNA Bootcamp
    • 08/11/2025 – 08/15/2025
    • San Antonio
  • PM-224: PMI Agile Certified Practitioner (PMI-ACP)® Prep Course
    • 08/11/2025 – 08/13/2025
    • San Antonio
  • TN-555: Certified Ethical Hacker v13 (CEH)
    • 08/11/2025 – 08/15/2025
    • San Antonio
  • all events

    • in   

    VM-325: VMware View: Install, Configure and Manage

    Course Overview:

    This hands-on training course builds your skills in the VMware ViewTM suite of products: VMware View Manager, VMware View Composer, and VMware® ThinAppTM.  Based on customer specification, this course can be based on View 4.x or 5.x, and ThinApp 4.x or 5.x releases.

    Attendees to VM-325: VMware View: Install, Configure and Manage will receive TechNow approved course materials and expert instruction.

    At the end of this course, you should understand the features and operations of View and be able to:

    • Install and configure View components
    • Create and manage dedicated and floating desktop pools
    • Deploy and manage linked-clone virtual desktops
    • Configure and manage desktops that run in local mode
    • Configure secure access to desktops through a public network
    • Use ThinApp to package applications

    Date/Locations:

    No Events

    Duration: 5 days

    Course Objectives:

    • Module 1: Course Introduction
    • Module 2: Introduction to VMware View
    • Module 3: View Connection Server
    • Module 4: View Desktops
    • Module 5: View Client Options
    • Module 6: View Administratory
    • Module 7: Configuring and Managing Linked Clones
    • Module 8: Local-Mode Desktops
    • Module 9: Command-Line Tools and Backup Options
    • Module 10: Managing VMware View Security
    • Module 11: View Manager Performance and Scalability
    • Module 12: VMware® ThinAppTM

    Prerequisites:

    • VM-315: VMware Infrastructure: Install, Configure and Manage
    • Experience in Microsoft Windows Active Directory Administration
    • Experience with VMware vSphereTM
    • Before attending the course, students must be able to perform the following tasks:
      • Create a template in VMware vCenterTM Server and deploy a virtual machine from it
      • Modify a template customization file
      • Open a virtual machine console in vCenter Server and access the guest operating system
      • Configure Active Directory services

     

    Comments

    Latest comments from students

    Liked the class?  Then let everyone know!

    Specialized

    TechNow provides an array of courses to meet our customer's requirements.  Courses that do not fit into our major course categories and custom or specialized courses appear here.  

    Here are courses about specilaized Software or Hardware:

    in   

    TN-963: Windows Security Automation with PowerShell

    Course Overview:

    PowerShell is made for Security Operations (SecOps) automation on Windows. SecOps requires automation in order to scale out security changes and monitoring beyond a handful of hosts. For example, when a vulnerability must be remediated but there is no patch for it yet, automation is needed to quickly and consistently enact the changes necessary. PowerShell “remoting” is encrypted remote command execution of PowerShell scripts in a way that can scale to thousands of endpoints and servers.

    Imagine being able to hunt for indicators of compromise across thousands of machines with just a few lines of PowerShell code. Or imagine having the local Administrator account password reset every night on thousands of endpoints in a secure way, and being able to retrieve that password securely too.

    We will show you to do these tasks and more. Transcription logging for forensics, strong encryption code signing, application whitelisting of scripts, IPSec port control, and Just Enough Admin (JEA).

    As more and more of our systems are moved up to the cloud, PowerShell will become even more important. Amazon Web Services, Microsoft Azure, Office 365, Hyper-V and VMware already support PowerShell administration for many tasks.

    Attendees to TN-963: Windows Security Automation with PowerShell will receive TechNow approved course materials and expert instruction.

    Date/Locations:

    No Events

    Duration: 3 days

    Course Objectives:

    Day One
    PowerShell Overview and Tips

      • Getting started running commands
      • Using and updating the built-in help
      • Execution policies
      • Fun tricks with the ISE graphical editor
      • Piping .NET and COM objects, not text
      • Using properties and methods of objects
      • Helping Linux admins feel more at home
      • Aliases, cmdlets, functions, modules, etc.
      • Customizing your profile script

    What Can We Do With PowerShell

      • PowerShell remote command execution
      • Fan-out remoting and security
      • File copy via PowerShell remoting
      • Capturing the output of commands
      • Parsing text files and logs with regex patterns
      • Searching remote event logs faster with XPath
      • Mounting the registry as a drive
      • Exporting data to CSV, HTML and JSON files
      • Parsing and mining nmap port scanner XML output
      • Running scripts as scheduled jobs
      • Pushing out scripts through Group Policy
      • Importing modules and dot-sourcing functions
      • http://www.PowerShellGallery.com

    Write your own scripts

      • Writing your own functions
      • Passing arguments into your scripts
      • Function parameters and returning output
      • Flow control: if-then, do-while, foreach, switch
      • The .NET Framework class library: a playground
      • How to pipe data in/out of your scripts

    Day Two
    Continuous Secure Configuration Enforcement

      • How to use Group Policy and PowerShell together
      • Automate with INF security templates
      • How to customize INF templates
      • Microsoft Security Compliance Manager (SCM)
      • SECEDIT.EXE scripting
      • Building an in-house security repository for SecOps/DevOps
      • NSA’s Secure Host Baseline GPOs

    Group Policy Precision Targeting

      • Managing Group Policy Objects (GPOs) with PowerShell
      • LSDOU, Block Inheritance, Enforced GPOs
      • Group Policy permissions for targeting changes
      • ADMX templates for mass registry editing
      • Deploying PowerShell startup and logon scripts
      • WMI item-level targeting of GPO preferences
      • GPO scheduled tasks to run PowerShell scripts
      • Remote command execution via GPO (not remoting)
      • Empowering the Hunt Team to fight back!

    Server Hardening for SecOps/DevOps

      • Server Manager scripting with PowerShell
      • Adding and removing roles and feature
      • Remotely inventory roles, features, and apps
      • Why Server Nano or Server Core
      • Running PowerShell automatically after service failure
      • Service account identities, passwords, and risks
      • Tools to reset service account passwords securely

    Day Three
    PowerShell Desired State Configuration (DSC)

      • DSC is Configuration Management built in for free
      • Using DSC for continuous reinforcement of settings
      • Writing your own DSC configuration scripts
      • Free DSC resource modules: www.PowerShellGallery.com
      • How to push DSC configurations to many targets
      • DSC background job processing in push mode
      • Examples: sync files, install roles, manage groups
      • Auditing a remote target against a DSC MOF template
      • “ApplyAndAutoCorrect” mode for continuous enforcement

    PowerShell Just Enough Admin (JEA)

      • JEA is Windows sudo, like on Linux
      • JEA is Windows setuid root, like on Linux
      • Restricting commands and arguments
      • Verbose transcription logging
      • How to set up and configure JEA
      • Privilege Access Workstations (PAWs)

    PowerShell and WMI

      • Windows Management Instrumentation (WMI) service
      • What is WMI and why do hackers abuse it so much?
      • Using PowerShell to query WMI CIM classes
      • WMI authentication and traffic encryption
      • Inventory operating system versions and installed software
      • WMI remote command execution versus PowerShell remoting
      • PowerShell security best practices
      • PowerShell transcription logging to catch hackers

    Prerequisites:

    • GSEC or equivalent experience
    • UNIX, Windows, Networking, and Security Experience
    • This is a hands-on skill course requiring comfort with command line interaction and network communications

    Comments

    Latest comments from students

    Liked the class?  Then let everyone know!