Zero2Automated/Ultimate Malware Reverse Engineering Bundle

Please Note: While the original Beginner Malware Analysis Course is being remastered, we have temporarily discontinued new purchases of the Ultimate Malware Reverse Engineering Bundle.

  • £185.99 or 3 monthly payments of £65

Ultimate Malware Reverse Engineering Bundle

  • Closed
  • Discord access

Perfect for all skill levels, from a complete beginner to an expert analyst - this bundle has it all. 
So, you want to learn and/or improve upon your existing malware analysis and reverse engineering skills?
 
You’ve found the right place.
 
Initially created in response to the extreme lack of affordable advanced malware reverse engineering training, the Zero2Automated: Advanced Malware Analysis Course was developed by malware reverse engineers, for malware reverse engineers – with a large focus placed on practical analysis and practical approaches.

This training walks you through a typical malware infection chain, covering different techniques in use by modern-day threat actors at each stage in the chain – and for each stage we cover a different malware family, so you will be able to experience analysing a vast array of malware throughout this course. From analysing exploit-embedded malicious documents, to reverse engineering a modular implant designed to harvest user credentials, Zero2Automated provides you with everything needed to enhance and advance your malware analysis skillset.

While we focused on packing as much practical material as possible into this course, we do realise that theory is vital in order to understand certain fundamentals, such as grasping the internals of the PROPagate injection technique, or how Equation Editor could be exploited through a malformed FONT type within a Word document to gain code execution. Therefore, we provide theoretical whitepapers alongside the chapters that require a deeper dive, allowing you to refer back to them whenever needed.

Purchase as a Gift

Looking at gifting the course to an aspiring malware analyst or reverse engineer? Whether as a seasonal gift, birthday present, or simply just a gesture of thanks, we'll provide you with a 100% off discount code that you can send to the individual of your choosing.

This course has all it takes to be the best malware analysis course out there: the content is wonderful, the content creators and instructors are well-known researchers, the price is considerably cheap, and, most importantly, the practical aspect of the course (which is the most important thing in a malware analysis course) is very intense!

Amged Wageh

I really want to give a shout-out to @0verfl0w_ and @VK_Intel for their #Zero2Auto Malware course. Having access to a well-organized syllabus which structurally teaches malware analysis, not to mention automation, I am one happy researcher.

Danus Minimus

What is even better than a solid malware reverse engineering training? A solid malware reverse engineering training packed with additional features to add further value-for-money.
 
Starting out, we knew the plan was always to build up the amount of value within this course. 
Currently, upon purchasing this bundle you will gain exclusive access to an e-book written by Jason Reaves (@sysopfb) that walks you through several sophisticated malware samples such as Qakbot and GuLoader, 10% off an IDA Pro Named License or IDA Home License – the industry standard for disassemblers and decompilers – and access to the Zero2Automated Discord community for collaboration with fellow students, participation in the bi-weekly malware challenges, the job postings channel, and more!
 
Oh, and of course you will also gain access to the Beginner Malware Analysis Course - an additional 8+ hours of video content.
*Sandbox & MISP Bundle is currently unavailable

Certification of Completion

After successful completion of Zero2Automated: The Advanced Malware Analysis Course, as well as passing the final exam, you will receive a Certificate of Completion, along with a unique certificate ID for verification.

Most courses I found on malware analysis were either too basic/general or they did not have much hands-on practice at all. Z2A is completely different because it's really practical and decently challenging. The theory of most covered topics can be found online, but the full walkthrough of malware samples that use those techniques in this course is invaluable. I would say this course is probably one of the best investments I have made to learn RE!

Chuong Dong

Such excellent content. This is a must if you want to understand the real power of analyzing malware. It offers up-to-date content and very detailed explanations including notorious malware samples such as Qakbot and IcedID.
The whole course is organized in such a way that it makes you grasp the key concepts of reverse engineering cyber threats, without going crazy. Absolutely love it.

Felipe Duarte

Bundle Prerequisites

As surprising as it may seem, there are no prerequisites required for you to successfully take this course! The Beginner Malware Analysis Course and the added Zero2Hero course contain everything you will need to understand the concepts covered in the more advanced Zero2Automated course!

The Beginner Malware Analysis Course

"Whether you are at the start of your journey into Malware Analysis, or perhaps you are looking to refine your skills in different areas, this course will be beneficial for you. With beginners in mind, the course is comprised of several modules, each focusing on a different aspect of Malware Analysis - this ranges from learning x86 Assembly and analyzing Visual Basic macros, to extracting configurations and learning about encryption algorithms"

This course covers the very basics of Malware Analysis and Reverse Engineering, from introducing the tools of the trade, to reverse engineering multiple modern malware families. The information is provided through theoretical slides, followed by a practical example, whether that is setting up an InetSim instance to intercept malware traffic, or extracting the configuration from a notorious Banking Trojan; it has everything you need to get into the ever-changing field that is Malware Analysis and Reverse Engineering!

Zero to Automated is a natural progression to SANS FOR610, expanding on the analysis of malware obfuscation techniques by dissecting the most prolific and pervasive malware families in use by cybercrime campaigns today.

Jason

This course is really worth it! When I last checked, the SANS FOR610 course, with info from 2016, cost around 7k, and I'm not quite sure it is even worth the amount of money zero2auto costs.

Johnny Belinda

No other course covers topics in the depth that this course does, with real malware samples from the wild. The step-by-step walkthrough of malware is what makes this course different from all others. And the final exam is unbelievably awesome.

Sanjay Panchal

Hex-Rays Discount

We have also partnered with a company you may be familiar with... Hex-Rays!
Upon purchasing the course*, you will be able to grab a 10% discount on an IDA Pro Named License or an IDA Home License, with the discount remaining valid for one year from your course purchase date! In order to activate the discount, it's as simple as adding the license to your cart and then entering your course email address in the "end user email" box, before clicking "update"!

*(All existing students will be able to take advantage of this discount for 1 year starting 29/09/2021)

In my opinion, the course was amazing. The range of topics is really wide, and yet everything is discussed in detail and explained thoroughly. One can tell a lot of work went into making this course, which still sells at a very affordable price. The self-paced approach is invaluable when trying to digest so much densely packed information. I don't think there is anything else available out there with such a great quality to price ratio.

Giacomo Casoni

Course Contents

Chapter 0x00: Course Introduction

Course Introduction and Structure
  • 6 mins
  • 128 MB
Presentation Access
Discord Invite
IDA Pro & Hex-Rays Training Discount

Chapter 0x01: Recognising Algorithms

This chapter is all about recognising algorithms within malware samples using different techniques, in order to assist with string decryption, configuration extraction, and network traffic analysis!

Looking at Algorithms inside of Malware
  • 48 mins
  • 3.84 GB
Recognizing Common Cryptographic Algorithms - Encryption
  • 1.45 MB
"Recognizing Common Cryptographic Algorithms - Encryption" Samples
  • 1.03 MB

Chapter 0x02: Initial Stagers

This chapter starts off by analysing first-stage malware loaders that take the form of malicious macro-embedded documents & documents that exploit a vulnerability within Equation Editor, before reverse engineering the IcedID and ZLoader second-stage loaders - enough to be able to develop a configuration extractor and a basic protocol emulator.

Unpacking Malware Samples
  • 60 mins
  • 1.39 GB
Diving into 1st Stage Loaders
  • (1h 09m 12s)
  • 2.07 GB
Reversing Second Stage Loaders - IcedID
  • 45 mins
  • 1.02 GB
Reversing Second Stage Loaders - Zloader
  • 34 mins
  • 600 MB
Writing Automated Config Extractors and Emulators
  • (1h 00m 06s)
  • 1.19 GB
Equation Editor Theory PDF: Exploit Analysis
  • 1.86 MB
"Unpacking Malware Samples" Samples
  • 2.35 MB
"Diving into 1st Stage Loaders" Macro Infected Documents
  • 166 KB
"Diving into 1st Stage Loaders" Equation Editor Exploiting Documents
  • 1.21 MB
"Reversing Second Stage Loaders" Samples
  • 168 KB

Chapter 0x03: Evasion

In this section we will be diving into several different techniques in use by malware to evade detection. This includes in-depth analysis on multiple popular injection methods (such as PROPagate injection and EarlyBird injection), anti-analysis mechanisms, and common persistence techniques.

Reverse Engineering Process Injection - Reflective, DLL, PE, Hollowing
  • 59 mins
  • 1.33 GB
Reverse Engineering Process Injection - Doppelganging, APC, EarlyBird
  • (1h 18m 21s)
  • 1.76 GB
Reverse Engineering Process Injection - API Hooking
  • 38 mins
  • 955 MB
Reverse Engineering Process Injection - PROPagate Injection
  • 43 mins
  • 1.29 GB
Analyzing Anti-Analysis Mechanisms in Malware
  • 40 mins
  • 718 MB
Analyzing Persistence Mechanisms in Malware
  • 54 mins
  • 1.27 GB
Process Injection Theory PDF: PROPagate Injection
  • 131 KB
Process Injection Theory PDF: Process Doppelganging
  • 82.7 KB
Process Injection Theory PDF: Reflective DLL Injection
  • 1.5 MB
"Reverse Engineering Process Injection" Samples - Part 1
  • 819 KB
"Reverse Engineering Process Injection" Samples - Part 2
  • 522 KB
"Reverse Engineering Process Injection" Samples - Part 3
  • 222 KB
"Analyzing Anti-Analysis Mechanisms in Malware" Samples
  • 3.94 MB
"Analyzing Persistence Mechanisms in Malware" Samples
  • 4.39 MB

Practical Analysis

Custom Sample 1
  • 129 KB
Custom Sample README

Chapter 0x04: Malware Internals

Within this chapter we'll be getting into the core of common malware variants, from analysing the browser hooking & inject functionality of banking trojans, to the Luhn10 algorithms in use by Point-Of-Sale based implants, and the propagation techniques employed by worms.

Malware Internals: Qakbot Web Inject Loader (Part 1)
  • 57 mins
  • 949 MB
Malware Internals: Qakbot Web Inject Loader (Part 2)
  • (1h 46m 47s)
  • 1.94 GB
Malware Internals: Worms & Spyware
  • 47 mins
  • 1.18 GB
Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs
  • (1h 19m 38s)
  • 3.26 GB
"Malware Internals: Qakbot Web Inject Loader" Sample
  • 239 KB
"Malware Internals: Worms & Spyware" Samples
  • 3.73 MB
"Malware Internals: Ransomware, POS, Wipers, SpamBots, and RATs" Samples
  • 18.4 MB

Chapter 0x05: In-Depth Analysis

This section consists of two sample deep-dives: the first being Trickbot and its Active Directory components, and the second being an analysis of the Qbot banking trojan, from the very first stage up until a network protocol & C2 communications analysis walkthrough.

Theory - Trickbot & Active Directory: In-Depth Analysis
  • 37 mins
  • 1.66 GB
Practical - Trickbot & Active Directory: In-Depth Analysis
  • 24 mins
  • 1.29 GB
Trickbot & Active Directory: Prototype Source Code (CPP)
  • 6.45 KB
Qakbot Deep Dive - First Stage Analysis
  • (1h 08m 16s)
  • 1.48 GB
Qakbot Deep Dive - Second Stage Analysis
  • 49 mins
  • 942 MB
Qakbot Deep Dive - Communications Analysis
  • (1h 21m 40s)
  • 1.62 GB
"Qakbot Deep Dive - First Stage Analysis" Sample
  • 210 KB
Compiled BriefLZ DLL
  • 11 KB
Qakbot Scripts
  • 18.4 KB

Chapter 0x06: Exploitation

Here we will be reverse engineering and analysing exploitation code within malware samples; specifically a kernel-level privilege escalation exploit used by Ramnit, exploitation of a vulnerable driver to disable Driver Signature Enforcement used by the RobbinHood ransomware gang, and the infamous EternalBlue & EternalRomance exploits in use by Trickbot for network propagation.

Trickbot Case Study: EternalBlue & EternalRomance - Theory
  • 45 mins
  • 545 MB
Trickbot Case Study: EternalBlue & EternalRomance - Practical
  • 21 mins
  • 497 MB
Analysing a Kernel Level Priv. Esc. Exploit: CVE-2014-4113
  • (1h 12m 00s)
  • 1.54 GB
Kernel Level Priv. Esc. Exploit Samples
  • 1.07 MB
Analysing a Vulnerable Driver Exploitation Technique for Disabling DSE
  • 45 mins
  • 1.1 GB
Vulnerable Driver Exploitation Samples
  • 110 KB
Analyzing a UAC Bypass
  • 47 mins
  • 1.37 GB

Chapter 0x07: Decompilable2Src Malware

This chapter steps away from natively compiled binaries and .NET based samples, and focuses on reversing other programming languages commonly used to develop malware, such as Python, JavaScript, and PowerShell.

Analyzing Uncompiled & Decompilable Malware
  • (1h 01m 00s)
  • 1.24 GB
"Analyzing Uncompiled & Decompilable Malware" Samples
  • 7.07 MB

Chapter 0x08: Threat Intelligence

This chapter walks through the typical threat intelligence process when it comes to malware analysis & reverse engineering, as well as describing how to develop effective YARA rules for detection and threat hunting.

Hunting for Automated Signature Development - YARA
  • 23 mins
  • 620 MB
Threat Intelligence - Part 1
  • 36 mins
  • 1.6 GB
Threat Intelligence - Part 2
  • 33 mins
  • 1.29 GB

Chapter 0x09: Shellcode Analysis

This chapter walks you through the somewhat tricky process of reverse engineering malicious shellcode, using tools to execute it within a debugger, as well as analysing some of the techniques commonly seen within shellcode in the wild.

Analysing Shellcode Statically and Dynamically
  • (1h 07m 00s)
  • 1.61 GB
"Analysing Shellcode Statically and Dynamically" Samples
  • 18 KB

Chapter 0x0A: Rootkits & Bootkits

The final chapter of the core Zero2Automated material, this chapter focuses on Trickbot's bootkit vulnerability reconnaissance tool, and how it operates at the kernel level.

TrickBoot Theory PDF: Technical Details
  • 205 KB
Analyzing Trickbot's Bootkit Vulnerability Reconnaissance Tool: Trickboot
  • 49 mins
  • 2.94 GB
permaDll32.zip
  • 80.2 KB

Final Examination

Examination Brief
Zero2Automated Exam: Theory

Biweekly Malware Challenges

Challenge #1: Gozi String Decryption
Challenge #2: IcedID Configuration Extraction
Challenge #3: Oski Stealer String Decryption
Challenge #4: Operation DreamJob

Zero2Hero

You asked for it, and we're providing it! Here you can find all the videos from our previous course, Zero2Hero, that was released for a short period of time in 2019. Now it's back for good!

Zero2Hero: Algorithms - RC4
  • 17 mins
  • 307 MB
Zero2Hero: How Attackers Gain Footholds
  • 28 mins
  • 569 MB
Zero2Hero: Persistence
  • 18 mins
  • 672 MB
Zero2Hero: Privilege Escalation
  • 30 mins
  • 974 MB
Zero2Hero: Analysis Of ASUS SHADOWHAMMER Attack
  • 36 mins
  • 972 MB
Zero2Hero: Basic Injection Techniques
  • (1h 03m 07s)
  • 1.55 GB
Zero2Hero: RigEK - Theory
  • 18 mins
  • 152 MB
Zero2Hero: RigEK - Practice Part 1
  • 12 mins
  • 49.4 MB
Zero2Hero: RigEK - Practice Part 2
  • 9 mins
  • 31.2 MB
Zero2Hero: POS - Theory
  • 14 mins
  • 116 MB
Zero2Hero: POS - Practice
  • 11 mins
  • 24.8 MB
Zero2Hero: FIN7 Insights - Theory
  • 12 mins
  • 98.4 MB
Zero2Hero: FIN7 Insights - Practice Part 1
  • 7 mins
  • 32.1 MB
Zero2Hero: FIN7 Insights - Practice Part 2
  • 3 mins
  • 5.76 MB
Zero2Hero: Trickbot Hooking Engine - Theory
  • 14 mins
  • 113 MB
Zero2Hero: Trickbot Hooking Engine - Practice
  • 14 mins
  • 286 MB
Zero2Hero: Golang Usage in Malware - Theory
  • 19 mins
  • 179 MB
Zero2Hero: Golang Usage in Malware - Practice
  • 13 mins
  • 45.1 MB
Zero2Hero: YARA Hunting for Code Reuse - Theory
  • 34 mins
  • 287 MB
Zero2Hero: YARA Hunting for Code Reuse - Practice
  • 15 mins
  • 33.3 MB
Zero2Hero: Malware Samples
  • 19.4 MB

Zero2Automated: Malware Walkthroughs E-Book

Zero2Automated Malware Walkthroughs - EPUB (Test)
  • 923 KB
Zero2Automated Malware Walkthroughs
  • 1.01 MB

Blog Posts

Full Blog Posts/Writeups written by the Zero2Auto Team

Netwalker - From static RE to automatic extraction
  • 256 KB

Resources

Link to Windows 7 VM

FAQs

Do I get lifetime access to the course?

Yes! Upon purchasing the course, you gain immediate lifetime access, allowing you to come back every few months to look at specifics! No additional payments, no additional worries! Furthermore, further content will be added to the course over time, which you will also gain access to, free of charge!

Can I access the course offline?

Unfortunately the videos cannot be accessed offline; however, you are able to download the theoretical material provided alongside the course, to study more in-depth topics offline!

Is payment possible without PayPal?

Both Stripe (Credit Card/Debit Card payments) and PayPal are the main supported payment processors of the platform; however, if these are an issue for you, we may be able to work out possible payment methods - in that case, please see the "How can I contact you" answer.

Is a Certificate of Completion given?

It is! Upon completing the videos, there will be an examination that you can take. Upon passing this examination, you will receive a certificate of completion, with your name on it!

How can I contact you for further questions?

You can contact us over Twitter (@0verfl0w_) or via Email (contact@0ffset.net).
