Zero2Automated

🎉 Black Friday/Cyber Monday Sale 🎉

Grab 25% off with code BLACKFRIDAY25 at checkout (valid until December 1st, 23:30 CET)

Zero2Automated: £149.99 or 3 monthly payments of £55 (includes Discord access)

Developed for those looking to further enhance their skills in the Malware Analysis/Reverse Engineering field.
So, you want to learn and/or improve upon your existing malware analysis and reverse engineering skills?
 
You’ve found the right place.
 
Initially created in response to the extreme lack of affordable advanced malware reverse engineering training, the Zero2Automated: Advanced Malware Analysis Course was developed by malware reverse engineers, for malware reverse engineers – with a large focus placed on practical analysis and practical approaches.
 
This training walks you through a typical malware infection chain, covering different techniques in use by modern-day threat actors at each stage in the chain – and for each stage we cover a different malware family, so you will be able to experience analysing a vast array of malware throughout this course. From analysing exploit-embedded malicious documents, to reverse engineering a modular implant designed to harvest user credentials, Zero2Automated provides you with everything needed to enhance and advance your malware analysis skillset.
 
While we focused on packing as much practically oriented material as possible into this course, we do realise that theory is vital in order to understand certain fundamentals, such as grasping the internals of the PROPagate injection technique, or how Equation Editor could be exploited through a malformed FONT type within a Word document to gain code execution. Therefore, we provide theoretical whitepapers alongside the chapters that require a deeper dive, so that you can refer back to them whenever needed.

Purchase as a Gift

Looking at gifting the course to an aspiring malware analyst or reverse engineer? Whether as a seasonal gift, birthday present, or simply a gesture of thanks, we'll provide you with a 100% off discount code that you can send to the individual of your choosing.

This course has all it takes to be the best malware analysis course out there: the content is wonderful, the content creators and instructors are well-known researchers, the price is considerably cheap, and, most importantly, the practical aspect of the course (which is the most important thing in a malware analysis course) is very intense!

Amged Wageh

I really want to give a shout out to @0verfl0w_ and @VK_Intel for their #Zero2Auto Malware course. Having access to a well-organized syllabus which structurally teaches malware analysis, not to mention automation. I am one happy researcher.


Danus Minimus

What is even better than a solid malware reverse engineering training? A solid malware reverse engineering training packed with additional features to add further value-for-money.
 
Starting out, we knew the plan was always to build up the amount of value within this course. 
Currently, upon purchasing this course you will gain exclusive access to an e-book written by Jason Reaves (@sysopfb) that walks you through several sophisticated malware samples such as Qakbot and GuLoader, 10% off an IDA Pro Named License or IDA Home License – the industry standard for disassemblers and decompilers – and access to the Zero2Automated Discord community for collaboration with fellow students, participation in the bi-weekly malware challenges, a job postings channel, and more!

We've also thrown in the highly popular Zero2Hero course as well, providing some additional content free of charge!
*Sandbox & MISP Bundle is currently unavailable

Certification of Completion

After successful completion of Zero2Automated: The Advanced Malware Analysis Course, as well as passing the final exam, you will receive a Certificate of Completion, along with a unique certificate ID for verification.

Such excellent content. This is a must if you want to understand the real power of analyzing malware. It offers up-to-date content and very detailed explanations including notorious malware samples such as Qakbot and IcedID.
The whole course is organized in such a way that it makes you grasp the key concepts of reverse engineering cyber threats, without going crazy. Absolutely love it.

Felipe Duarte

Most courses I found on malware analysis were either too basic/general or they did not have much hands-on practice at all. Z2A is completely different because it’s really practical and decently challenging. The theory of most covered topics can be found online, but the full walkthrough of malware samples that use those techniques in this course is invaluable. I would say this course is probably one of the best investments I have made to learn RE!

Chuong Dong

Course Prerequisites

Unlike the Beginner Malware Analysis Course, this course has several prerequisites:
  • Beginner Knowledge of Malware Analysis (Malware variants, functionality, etc.)
  • Beginner Knowledge of Reverse Engineering (IDA, x64Dbg - x86 Assembly)
  • Understanding of Programming Concepts (while loops, for loops, etc.)
  • Understanding of Python (Highly Recommended, though not vital)
  • Enthusiasm to learn, and interest in malware reverse engineering
Don't have these prerequisites and want to prepare before taking this course? Check out the Beginner Malware Analysis Course, or alternatively check out the Ultimate Malware Reverse Engineering Bundle which includes both Zero2Automated and the Beginner Malware Analysis Course!

What are you waiting for?

Start your journey into the world of malware analysis now.
Zero to Automated is a natural progression to SANS FOR610, expanding on the analysis of malware obfuscation techniques by dissecting the most prolific and pervasive malware families in use by cybercrime campaigns today.

Jason

This course is really worth it! When I last checked, the SANS FOR610 course, with info from 2016, cost around 7k, and I'm not quite sure it is even worth the amount of money Zero2Auto costs.

Johnny Belinda

Hex-Rays Discount

We have also partnered with a company you may be familiar with... Hex-Rays!
Upon purchasing the course*, you will be able to grab a 10% discount on an IDA Pro Named License or an IDA Home License, with the discount remaining valid for one year from your course purchase date! In order to activate the discount, it's as simple as adding the license to your cart and then entering your course email address in the "end user email" box, before clicking "update"!

*(All existing students will be able to take advantage of this discount for 1 year starting 29/09/2021)

In my opinion, the course was amazing. The range of topics is really wide, and yet everything is discussed in detail and explained thoroughly. One can tell a lot of work went into making this course, which still sells at a very affordable price. The self-paced approach is invaluable when trying to digest so much densely packed information. I don't think there is anything else available out there with such a great quality to price ratio.

Giacomo Casoni

Course Contents

Chapter 0x00: Course Introduction

Course Introduction and Structure (preview)
  • 6 mins
  • 128 MB
Presentation Access
Discord Invite
IDA Pro & Hex-Rays Training Discount

Chapter 0x01: Algorithms

This chapter is all about recognising algorithms within malware samples using different techniques, in order to assist with string decryption, configuration extraction, and network traffic analysis!
Looking at Algorithms inside of Malware
  • 48 mins
  • 3.84 GB
Recognizing Common Cryptographic Algorithms - Encryption
  • 1.45 MB
"Recognizing Common Cryptographic Algorithms - Encryption" Samples
  • 1.03 MB

Chapter 0x02: Initial Stagers

This chapter starts off by analysing first-stage malware loaders that take the form of malicious macro-embedded documents & documents that exploit a vulnerability within Equation Editor, before reverse engineering the IcedID and ZLoader second-stage loaders - enough to be able to develop a configuration extractor and a basic protocol emulator.
Unpacking Malware Samples (preview)
  • 60 mins
  • 1.39 GB
Diving into 1st Stage Loaders
  • 1h 09m 12s
  • 2.07 GB
Reversing Second Stage Loaders - IcedID
  • 45 mins
  • 1.02 GB
Reversing Second Stage Loaders - Zloader
  • 34 mins
  • 600 MB
Writing Automated Config Extractors and Emulators
  • 1h 00m 06s
  • 1.19 GB
Equation Editor Theory PDF: Exploit Analysis
  • 1.86 MB
"Unpacking Malware Samples" Samples
  • 2.35 MB
"Diving into 1st Stage Loaders" Macro Infected Documents
  • 166 KB
"Diving into 1st Stage Loaders" Equation Editor Exploiting Documents
  • 1.21 MB
"Reversing Second Stage Loaders" Samples
  • 168 KB

Chapter 0x03: Evasion

In this section we will be diving into several different techniques in use by malware to evade detection. This includes in-depth analysis on multiple popular injection methods (such as PROPagate injection and EarlyBird injection), anti-analysis mechanisms, and common persistence techniques.
Reverse Engineering Process Injection - Reflective, DLL, PE, Hollowing
  • 59 mins
  • 1.33 GB
Reverse Engineering Process Injection - Doppelganging, APC, EarlyBird
  • 1h 18m 21s
  • 1.76 GB
Reverse Engineering Process Injection - API Hooking
  • 38 mins
  • 955 MB
Reverse Engineering Process Injection - PROPagate Injection
  • 43 mins
  • 1.29 GB
Analyzing Anti-Analysis Mechanisms in Malware (preview)
  • 40 mins
  • 718 MB
Analyzing Persistence Mechanisms in Malware
  • 54 mins
  • 1.27 GB
Process Injection Theory PDF: PROPagate Injection
  • 131 KB
Process Injection Theory PDF: Process Doppelganging
  • 82.7 KB
Process Injection Theory PDF: Reflective DLL Injection
  • 1.5 MB
"Reverse Engineering Process Injection" Samples - Part 1
  • 819 KB
"Reverse Engineering Process Injection" Samples - Part 2
  • 522 KB
"Reverse Engineering Process Injection" Samples - Part 3
  • 222 KB
"Analyzing Anti-Analysis Mechanisms in Malware" Samples
  • 3.94 MB
"Analyzing Persistence Mechanisms in Malware" Samples
  • 4.39 MB

Practical Analysis

Custom Sample README
Custom Sample 1
  • 129 KB

Chapter 0x04: Malware Internals

Within this chapter we'll be getting into the core of common malware variants, from analysing the browser hooking & inject functionality of banking trojans, to the Luhn10 algorithms in use by Point-Of-Sale based implants, and the propagation techniques employed by worms.
Malware Internals: Qakbot Web Inject Loader (Part 1)
  • 57 mins
  • 949 MB
Malware Internals: Qakbot Web Inject Loader (Part 2)
  • 1h 46m 47s
  • 1.94 GB
Malware Internals: Worms & Spyware
  • 47 mins
  • 1.18 GB
Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs
  • 1h 19m 38s
  • 3.26 GB
"Malware Internals: Qakbot Web Inject Loader" Sample
  • 239 KB
"Malware Internals: Worms & Spyware" Samples
  • 3.73 MB
"Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs" Samples
  • 18.4 MB

Chapter 0x05: In-Depth Analysis

This section consists of two sample deep-dives: the first being Trickbot and its Active Directory components, and the second being an analysis of the Qbot banking trojan, from the very first stage up until a network protocol & C2 communications analysis walkthrough.
Theory - Trickbot & Active Directory: In-Depth Analysis
  • 37 mins
  • 1.66 GB
Practical - Trickbot & Active Directory: In-Depth Analysis
  • 24 mins
  • 1.29 GB
Trickbot & Active Directory: Prototype Source Code (CPP)
  • 6.45 KB
Qakbot Deep Dive - First Stage Analysis
  • 1h 08m 16s
  • 1.48 GB
Qakbot Deep Dive - Second Stage Analysis
  • 49 mins
  • 942 MB
Qakbot Deep Dive - Communications Analysis
  • 1h 21m 40s
  • 1.62 GB
"Qakbot Deep Dive - First Stage Analysis" Sample
  • 210 KB
Compiled BriefLZ DLL
  • 11 KB
Qakbot Scripts
  • 18.4 KB

Chapter 0x06: Exploitation

Here we will be reverse engineering and analysing exploitation code within malware samples; specifically a kernel-level privilege escalation exploit used by Ramnit, exploitation of a vulnerable driver to disable Driver Signature Enforcement used by the RobbinHood ransomware gang, and the infamous EternalBlue & EternalRomance exploits in use by Trickbot for network propagation.
Trickbot Case Study: EternalBlue & EternalRomance - Theory
  • 45 mins
  • 545 MB
Trickbot Case Study: EternalBlue & EternalRomance - Practical
  • 21 mins
  • 497 MB
Analysing a Kernel Level Priv. Esc. Exploit: CVE-2014-4113
  • 1h 12m 00s
  • 1.54 GB
Kernel Level Priv. Esc. Exploit Samples
  • 1.07 MB
Analysing a Vulnerable Driver Exploitation Technique for Disabling DSE
  • 45 mins
  • 1.1 GB
Vulnerable Driver Exploitation Samples
  • 110 KB
Analyzing a UAC Bypass
  • 47 mins
  • 1.37 GB

Chapter 0x07: Decompilable2Src Malware

This chapter steps away from natively compiled binaries and .NET based samples, and focuses on reversing other programming languages commonly used to develop malware, such as Python, JavaScript, and PowerShell.
Analyzing Uncompiled & Decompilable Malware
  • 1h 01m 00s
  • 1.24 GB
"Analyzing Uncompiled & Decompilable Malware" Samples
  • 7.07 MB

Chapter 0x08: Threat Intelligence

This chapter walks through the typical threat intelligence process when it comes to malware analysis & reverse engineering, as well as describing how to develop effective YARA rules for detection and threat hunting.
Hunting for Automated Signature Development - YARA
  • 23 mins
  • 620 MB
Threat Intelligence - Part 1
  • 36 mins
  • 1.6 GB
Threat Intelligence - Part 2
  • 33 mins
  • 1.29 GB

Chapter 0x09: Shellcode Analysis

This chapter walks you through the somewhat tricky process of reverse engineering malicious shellcode, using tools to execute it within a debugger, as well as analysing some of the techniques commonly seen within shellcode in the wild.
Analysing Shellcode Statically and Dynamically
  • 1h 07m 00s
  • 1.61 GB
"Analysing Shellcode Statically and Dynamically" Samples
  • 18 KB

Chapter 0x0A: Rootkits & Bootkits

The final chapter of the core Zero2Automated material, this chapter focuses on Trickbot's bootkit vulnerability reconnaissance tool, and how it operates at the kernel level.
TrickBoot Theory PDF: Technical Details
  • 205 KB
Analyzing Trickbot's Bootkit Vulnerability Reconnaissance Tool: Trickboot
  • 49 mins
  • 2.94 GB
permaDll32.zip
  • 80.2 KB

Final Examination

Examination Brief
Zero2Automated Exam: Theory

Biweekly Malware Challenges

Challenge #1: Gozi String Decryption
Challenge #2: IcedID Configuration Extraction
Challenge #3: Oski Stealer String Decryption
Challenge #4: Operation DreamJob

Zero2Hero

You asked for it, and we're providing it! Here you can find all the videos from our previous course, Zero2Hero, that was released for a short period of time in 2019. Now it's back for good!
Zero2Hero: Algorithms - RC4
  • 17 mins
  • 307 MB
Zero2Hero: How Attackers Gain Footholds
  • 28 mins
  • 569 MB
Zero2Hero: Persistence
  • 18 mins
  • 672 MB
Zero2Hero: Privilege Escalation
  • 30 mins
  • 974 MB
Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack (preview)
  • 36 mins
  • 972 MB
Zero2Hero: Basic Injection Techniques
  • 1h 03m 07s
  • 1.55 GB
Zero2Hero: RigEK - Theory
  • 18 mins
  • 152 MB
Zero2Hero: RigEK - Practice Part 1
  • 12 mins
  • 49.4 MB
Zero2Hero: RigEK - Practice Part 2
  • 9 mins
  • 31.2 MB
Zero2Hero: POS - Theory
  • 14 mins
  • 116 MB
Zero2Hero: POS - Practice
  • 11 mins
  • 24.8 MB
Zero2Hero: FIN7 Insights - Theory
  • 12 mins
  • 98.4 MB
Zero2Hero: FIN7 Insights - Practice Part 1
  • 7 mins
  • 32.1 MB
Zero2Hero: FIN7 Insights - Practice Part 2
  • 3 mins
  • 5.76 MB
Zero2Hero: Trickbot Hooking Engine - Theory
  • 14 mins
  • 113 MB
Zero2Hero: Trickbot Hooking Engine - Practice
  • 14 mins
  • 286 MB
Zero2Hero: Golang Usage in Malware - Theory
  • 19 mins
  • 179 MB
Zero2Hero: Golang Usage in Malware - Practice
  • 13 mins
  • 45.1 MB
Zero2Hero: YARA Hunting for Code Reuse - Theory
  • 34 mins
  • 287 MB
Zero2Hero: YARA Hunting for Code Reuse - Practice
  • 15 mins
  • 33.3 MB
Zero2Hero: Malware Samples
  • 19.4 MB

Zero2Automated: Malware Walkthroughs E-Book

Zero2Automated Malware Walkthroughs
  • 1.01 MB
Zero2Automated Malware Walkthroughs - EPUB (Test)
  • 923 KB

Blog Posts

Full Blog Posts/Writeups written by the Zero2Auto Team
Netwalker - From static RE to automatic extraction
  • 256 KB

Resources

Link to Windows 7 VM

FAQs

Do I get lifetime access to the course?

Yes! Upon purchasing the course, you gain immediate lifetime access, allowing you to come back every few months to look at specifics! No additional payments, no additional worries! Furthermore, further content will be added to the course over time, which you will also gain access to, free of charge!

Can I access the course offline?

Unfortunately the videos cannot be accessed offline; however, you are able to download the theoretical material provided alongside the course, to study more in-depth topics offline!

Is payment possible without PayPal?

Both Stripe (Credit Card/Debit Card payments) and PayPal are the main supported payment processors of the platform; however, if these are an issue for you, we may be able to work out possible payment methods - in that case, please see the "How can I contact you" answer.

Is a Certificate of Completion given?

It is! Upon completing the videos, there will be a short test that you can take. Upon passing this test, you will receive a certificate of completion, with your name on it!

How can I contact you for further questions?

You can contact us over Twitter (@0verfl0w_) or via Email (contact@0ffset.net)
