Zero2Automated/Zero 2 Automated

  • £149.99 or 3 monthly payments of £55

Zero2Automated

  • Discord access

Developed for those looking to further enhance their skills in the Malware Analysis/Reverse Engineering field.
So, you want to learn and/or improve upon your existing malware analysis and reverse engineering skills?
 
You’ve found the right place.
 
Initially created in response to the extreme lack of affordable advanced malware reverse engineering training, the Zero2Automated: Advanced Malware Analysis Course was developed by malware reverse engineers, for malware reverse engineers – with a large focus placed on practical analysis and practical approaches.
 
This training walks you through a typical malware infection chain, covering different techniques in use by modern-day threat actors at each stage in the chain – and for each stage we cover a different malware family, so you will be able to experience analysing a vast array of malware throughout this course. From analysing exploit-embedded malicious documents, to reverse engineering a modular implant designed to harvest user credentials, Zero2Automated provides you with everything needed to enhance and advance your malware analysis skillset.
 
While we focused on packing as much material with a practical focus into this course, we do realise that theory is vital in order to understand certain fundamentals, such as grasping the internals of the PROPagate injection technique, or how Equation Editor could be exploited through a malformed FONT type within a Word document to gain code execution. Therefore, we provide theoretical whitepapers alongside the chapters that require a deeper dive, allowing you to refer back to them whenever needed.

Purchase as a Gift

Looking at gifting the course to an aspiring malware analyst or reverse engineer? Whether as a seasonal gift, birthday present, or simply just a gesture of thanks, we'll provide you with a 100% off discount code that you can send to the individual of your choosing.

This course has all it takes to be the best malware analysis course out there: the content is wonderful, the content creators and instructors are well-known researchers, the price is considerably cheap, and, most importantly, the practical aspect of the course (which is the most important thing in a malware analysis course) is very intense!

Amged Wageh

I really want to give a shout out to @0verfl0w_ and @VK_Intel for their #Zero2Auto Malware course. Having access to a well-organized syllabus which structurally teaches malware analysis, and not to mention automation. I am one happy researcher.


Danus Minimus

What is even better than a solid malware reverse engineering training? A solid malware reverse engineering training packed with additional features to add further value-for-money.
 
Starting out, we knew the plan was always to build up the amount of value within this course.
Currently, upon purchasing this course you will gain exclusive access to an e-book written by Jason Reaves (@sysopfb) that walks you through several sophisticated malware samples such as Qakbot and GuLoader; 10% off an IDA Pro Named License or IDA Home License – the industry standard for disassemblers and decompilers; and access to the Zero2Automated Discord community for collaboration with fellow students, participation in the bi-weekly malware challenges, a job postings channel, and more!

We've also thrown in the highly popular Zero2Hero course as well, providing some additional content free of charge!
*Sandbox & MISP Bundle is currently unavailable

Certification of Completion

After successful completion of Zero2Automated: The Advanced Malware Analysis Course, as well as passing the final exam, you will receive a Certificate of Completion, along with a unique certificate ID for verification.

Such excellent content. This is a must if you want to understand the real power of analyzing malware. It offers up-to-date content and very detailed explanations, including notorious malware samples such as Qakbot and IcedID.
The whole course is organized in such a way that it makes you grasp the key concepts of reverse engineering cyber threats without going crazy. Absolutely love it.

Felipe Duarte

Most courses I found on malware analysis were either too basic/general or they did not have much hands-on practice at all. Z2A is completely different because it’s really practical and decently challenging. The theory of most covered topics can be found online, but the full walkthrough of malware samples that use those techniques in this course is invaluable. I would say this course is probably one of the best investments I have made to learn RE!

Chuong Dong

Course Prerequisites

Unlike the Beginner Malware Analysis Course, this course has several prerequisites:
  • Beginner Knowledge of Malware Analysis (Malware variants, functionality, etc.)
  • Beginner Knowledge of Reverse Engineering (IDA, x64Dbg - x86 Assembly)
  • Understanding of Programming Concepts (while loops, for loops, etc.)
  • Understanding of Python (Highly Recommended, though not vital)
  • Enthusiasm to learn, and interest in malware reverse engineering
Don't have these prerequisites and want to prepare before taking this course? Check out the Beginner Malware Analysis Course, or alternatively check out the Ultimate Malware Reverse Engineering Bundle which includes both Zero2Automated and the Beginner Malware Analysis Course!

What are you waiting for?

Start your journey into the world of malware analysis now.

Zero to Automated is a natural progression to SANS FOR610, expanding on the analysis of malware obfuscation techniques by dissecting the most prolific and pervasive malware families in use by cybercrime campaigns today.

Jason

This course is really worth it! When I last checked, the SANS course FOR610, with info from 2016, cost around 7k, and I'm not quite sure it is even worth the amount of money Zero2Auto costs.

Johnny Belinda

Hex-Rays Discount

We have also partnered with a company you may be familiar with... Hex-Rays!
Upon purchasing the course*, you will be able to grab a 10% discount on an IDA Pro Named License or an IDA Home License, with the discount remaining valid for one year from your course purchase date! In order to activate the discount, it's as simple as adding the license to your cart and then entering your course email address in the "end user email" box, before clicking "update"!

*(All existing students will be able to take advantage of this discount for 1 year starting 29/09/2021)

In my opinion, the course was amazing. The range of topics is really wide, and yet everything is discussed in detail and explained thoroughly. One can tell a lot of work went into making this course, which still sells at a very affordable price. The self-paced approach is invaluable when trying to digest so much densely packed information. I don't think there is anything else available out there with such a great quality-to-price ratio.

Giacomo Casoni

Course Contents

Chapter 0x00: Course Introduction

Course Introduction and Structure
Presentation Access
Discord Invite
IDA Pro & Hex-Rays Training Discount

Chapter 0x01: Algorithms

This chapter is all about recognising algorithms within malware samples using different techniques, in order to assist with string decryption, configuration extraction, and network traffic analysis!
Looking at Algorithms inside of Malware
Recognizing Common Cryptographic Algorithms - Encryption
"Recognizing Common Cryptographic Algorithms - Encryption" Samples

Chapter 0x02: Initial Stagers

This chapter starts off by analysing first-stage malware loaders that take the form of malicious macro-embedded documents & documents that exploit a vulnerability within Equation Editor, before reverse engineering the IcedID and ZLoader second-stage loaders - enough to be able to develop a configuration extractor and a basic protocol emulator.
Unpacking Malware Samples
Diving into 1st Stage Loaders
Reversing Second Stage Loaders - IcedID
Reversing Second Stage Loaders - Zloader
Writing Automated Config Extractors and Emulators
Equation Editor Theory PDF: Exploit Analysis
"Unpacking Malware Samples" Samples
"Diving into 1st Stage Loaders" Macro Infected Documents
"Diving into 1st Stage Loaders" Equation Editor Exploiting Documents
"Reversing Second Stage Loaders" Samples

Chapter 0x03: Evasion

In this section we will be diving into several different techniques in use by malware to evade detection. This includes in-depth analysis on multiple popular injection methods (such as PROPagate injection and EarlyBird injection), anti-analysis mechanisms, and common persistence techniques.
Reverse Engineering Process Injection - Reflective, DLL, PE, Hollowing
Reverse Engineering Process Injection - Doppelganging, APC, EarlyBird
Reverse Engineering Process Injection - API Hooking
Reverse Engineering Process Injection - PROPagate Injection
Analyzing Anti-Analysis Mechanisms in Malware
Analyzing Persistence Mechanisms in Malware
Process Injection Theory PDF: PROPagate Injection
Process Injection Theory PDF: Process Doppelganging
Process Injection Theory PDF: Reflective DLL Injection
"Reverse Engineering Process Injection" Samples - Part 1
"Reverse Engineering Process Injection" Samples - Part 2
"Reverse Engineering Process Injection" Samples - Part 3
"Analyzing Anti-Analysis Mechanisms in Malware" Samples
"Analyzing Persistence Mechanisms in Malware" Samples

Practical Analysis

Custom Sample README
Custom Sample 1

Chapter 0x04: Malware Internals

Within this chapter we'll be getting into the core of common malware variants, from analysing the browser hooking & inject functionality of banking trojans, to the Luhn10 algorithms in use by Point-Of-Sale based implants, and the propagation techniques employed by worms.
Malware Internals: Qakbot Web Inject Loader (Part 1)
Malware Internals: Qakbot Web Inject Loader (Part 2)
Malware Internals: Worms & Spyware
Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs
"Malware Internals: Qakbot Web Inject Loader" Sample
"Malware Internals: Worms & Spyware" Samples
"Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs" Samples

Chapter 0x05: In-Depth Analysis

This section consists of two sample deep-dives: the first being Trickbot and its Active Directory components, and the second being an analysis of the Qbot banking trojan, from the very first stage up until a network protocol & C2 communications analysis walkthrough.
Theory - Trickbot & Active Directory: In-Depth Analysis
Practical - Trickbot & Active Directory: In-Depth Analysis
Trickbot & Active Directory: Prototype Source Code (CPP)
Qakbot Deep Dive - First Stage Analysis
Qakbot Deep Dive - Second Stage Analysis
Qakbot Deep Dive - Communications Analysis
"Qakbot Deep Dive - First Stage Analysis" Sample
Compiled BriefLZ DLL
Qakbot Scripts

Chapter 0x06: Exploitation

Here we will be reverse engineering and analysing exploitation code within malware samples; specifically a kernel-level privilege escalation exploit used by Ramnit, exploitation of a vulnerable driver to disable Driver Signature Enforcement used by the RobbinHood ransomware gang, and the infamous EternalBlue & EternalRomance exploits in use by Trickbot for network propagation.
Trickbot Case Study: EternalBlue & EternalRomance - Theory
Trickbot Case Study: EternalBlue & EternalRomance - Practical
Analysing a Kernel Level Priv. Esc. Exploit: CVE-2014-4113
Kernel Level Priv. Esc. Exploit Samples
Analysing a Vulnerable Driver Exploitation Technique for Disabling DSE
Vulnerable Driver Exploitation Samples
Analyzing a UAC Bypass

Chapter 0x07: Decompilable2Src Malware

This chapter steps away from natively compiled binaries and .NET based samples, and focuses on reversing other programming languages commonly used to develop malware, such as Python, JavaScript, and PowerShell.
Analyzing Uncompiled & Decompilable Malware
"Analyzing Uncompiled & Decompilable Malware" Samples

Chapter 0x08: Threat Intelligence

This chapter walks through the typical threat intelligence process when it comes to malware analysis & reverse engineering, as well as describing how to develop effective YARA rules for detection and threat hunting.
Hunting for Automated Signature Development - YARA
Threat Intelligence - Part 1
Threat Intelligence - Part 2

Chapter 0x09: Shellcode Analysis

This chapter walks you through the somewhat tricky process of reverse engineering malicious shellcode, using tools to execute it within a debugger, as well as analysing some of the techniques commonly seen within shellcode in the wild.
Analysing Shellcode Statically and Dynamically
"Analysing Shellcode Statically and Dynamically" Samples

Chapter 0x0A: Rootkits & Bootkits

The final chapter of the core Zero2Automated material, this chapter focuses on Trickbot's bootkit vulnerability reconnaissance tool, and how it operates at the kernel level.
TrickBoot Theory PDF: Technical Details
Analyzing Trickbot's Bootkit Vulnerability Reconnaissance Tool: Trickboot
permaDll32.zip

Final Examination

Examination Brief
Zero2Automated Exam: Theory

Biweekly Malware Challenges

Challenge #1: Gozi String Decryption
Challenge #2: IcedID Configuration Extraction
Challenge #3: Oski Stealer String Decryption
Challenge #4: Operation DreamJob

Zero2Hero

You asked for it, and we're providing it! Here you can find all the videos from our previous course, Zero2Hero, that was released for a short period of time in 2019. Now it's back for good!
Zero2Hero: Algorithms - RC4
Zero2Hero: How Attackers Gain Footholds
Zero2Hero: Persistence
Zero2Hero: Privilege Escalation
Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack
Zero2Hero: Basic Injection Techniques
Zero2Hero: RigEK - Theory
Zero2Hero: RigEK - Practice Part 1
Zero2Hero: RigEK - Practice Part 2
Zero2Hero: POS - Theory
Zero2Hero: POS - Practice
Zero2Hero: FIN7 Insights - Theory
Zero2Hero: FIN7 Insights - Practice Part 1
Zero2Hero: FIN7 Insights - Practice Part 2
Zero2Hero: Trickbot Hooking Engine - Theory
Zero2Hero: Trickbot Hooking Engine - Practice
Zero2Hero: Golang Usage in Malware - Theory
Zero2Hero: Golang Usage in Malware - Practice
Zero2Hero: YARA Hunting for Code Reuse - Theory
Zero2Hero: YARA Hunting for Code Reuse - Practice
Zero2Hero: Malware Samples

Zero2Automated: Malware Walkthroughs E-Book

Zero2Automated Malware Walkthroughs
Zero2Automated Malware Walkthroughs - EPUB (Test)

Blog Posts

Full Blog Posts/Writeups written by the Zero2Auto Team
Netwalker - From static RE to automatic extraction

Resources

Link to Windows 7 VM

FAQs

Do I get lifetime access to the course?

Yes! Upon purchasing the course, you gain immediate lifetime access, allowing you to come back every few months to look at specifics! No additional payments, no additional worries! Furthermore, additional content will be added to the course over time, which you will also gain access to, free of charge!

Can I access the course offline?

Unfortunately the videos cannot be accessed offline, however, you are able to download the theoretical material provided alongside the course, to study more in-depth topics offline!

Is payment possible without PayPal?

Both Stripe (credit card/debit card payments) and PayPal are the main supported payment processors of the platform; however, if these are an issue for you, we may be able to work out possible payment methods - in that case, please see the "How can I contact you" answer.

Is a Certificate of Completion given?

It is! Upon completing the videos, there will be a short test that you can take. Upon passing this test, you will receive a certificate of completion, with your name on it!

How can I contact you for further questions?

You can contact us over Twitter (@0verfl0w_) or via email (contact@0ffset.net).
