Intermediate · Windows Malware · 16h of content · 2 guided labs · Audio: ES · 750 XP

Windows Malware Intermediate

Hands-on Windows malware analysis at intermediate level: bypass anti-debugging and sandbox evasion with ScyllaHide, manually unpack protected binaries with x64dbg, detect process injection and process hollowing, extract C2 configurations from live traffic, and deliver professional DFIR reports with MITRE ATT&CK TTPs, IOCs, and detection rules.

200+ students · 4.9/5 rating · High completion rate

14-day money-back guarantee · No subscription · Lifetime access

What's included
  • Access to all course videos and materials
  • Unlimited guided lab access with auto-validated flags
  • HTK Certificate upon completion
  • Lifetime course access with future updates
  • Flexible, self-paced learning schedule
  • 30-day satisfaction guarantee
159 €

One-time payment, no subscription

Join Waitlist →

  • 2 guided labs (isolated VM environment)
  • 16h of content (videos + practice + exams)
  • 5 modules (progressive difficulty)
  • 2–4h per lab session (unlimited restarts)

Lab tools you will use

  • FLARE-VM (environment)
  • x64dbg (debugger)
  • ScyllaHide (lab tool)
  • PE-Studio (static analysis)
  • Procmon (monitoring)
  • Process Explorer (monitoring)
  • CAPA (detection)
  • YARA (detection)
  • FakeNet-NG (network)
  • Wireshark (network)
  • Autoruns (persistence)
  • DIE (static analysis)
  • FLOSS (strings)
  • Scylla (unpacking)
  • PE-sieve (detection)
  • HollowsHunter (lab tool)
  • CyberChef (decoder)
  • Sysmon (lab tool)
  • Sigma (detection)


Course Syllabus

5 modules · 16h of content

What you will learn

  • Identify and bypass anti-debugging tricks (IsDebuggerPresent, PEB flags, RDTSC timing) using ScyllaHide and manual conditional-jump patching
  • Manually unpack UPX and custom-packed binaries with x64dbg: locate the OEP via tail-jump patterns, dump the image, and reconstruct the IAT with Scylla
  • Detect and confirm shellcode injection, DLL injection, and process hollowing using PE-sieve, HollowsHunter, and Process Explorer forensic evidence
  • Analyze C2 traffic in Wireshark (beaconing, JA3 fingerprinting, fast-flux DNS, DGA) and extract encrypted configuration blobs using CyberChef
  • Deliver a professional DFIR report with MITRE ATT&CK TTP table, full IOC list, and YARA/Sigma/Sysmon detection rules

Hands-on Lab

Analyze two advanced malware samples in an isolated FLARE-VM lab. In the first lab, bypass anti-debugging tricks (IsDebuggerPresent, the PEB BeingDebugged and NtGlobalFlag fields, RDTSC timing checks) using ScyllaHide, locate the OEP of a packed binary via its tail-jump pattern, dump the unpacked image with Scylla, and reconstruct the IAT so the dump can be re-analyzed statically. In the second lab, a multi-stage sample performs process hollowing over a benign Windows process: confirm the injection with PE-sieve and HollowsHunter, capture the C2 beacon in Wireshark, decode the obfuscated configuration blob in CyberChef (a base64 + single-byte XOR pipeline), and deliver a final DFIR report with MITRE ATT&CK TTPs (T1055 Process Injection, T1573 Encrypted Channel, T1547 Boot or Logon Autostart Execution), a full IOC list, and a Sysmon detection rule.
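The configuration-extraction step of the second lab, as an added example (not course material, and not taken from either lab sample): a base64 + single-byte XOR blob is decoded, the XOR key is recovered by brute force using a known-plaintext crib and a printable-byte heuristic, and the network IOCs a report would list are pulled from the result. The sample config, its key (0x5A), the field names and the host are constructed for this example; the crib-based key recovery assumes the plaintext contains an `http` URL, which is the usual case for a beacon URL but not guaranteed.

```python
"""Recover a base64 + single-byte-XOR obfuscated C2 config (added example, not course code)."""
import base64
import binascii
import json
import string
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: a small JSON config, XOR'd with a single-byte key and
# base64-encoded, the way the lab's blob is described. Key, field names and the
# host are made up for this example.
SAMPLE_KEY = 0x5A
SAMPLE_CONFIG = {"c2": "http://c2.example.invalid:8443/beacon", "sleep": 30, "jitter": 20}

PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (symmetric: the same call encodes and decodes)."""
    return bytes(b ^ key for b in data)


def encode_blob(config: dict, key: int) -> str:
    """Build the blob as a sample would embed it: JSON -> XOR -> base64."""
    raw = json.dumps(config, separators=(",", ":")).encode()
    return base64.b64encode(xor_bytes(raw, key)).decode()


SAMPLE_BLOB = encode_blob(SAMPLE_CONFIG, SAMPLE_KEY)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; decoded text should score ~1.0."""
    return sum(b in PRINTABLE for b in data) / max(len(data), 1)


def recover_key(data: bytes, crib: bytes = b"http") -> Optional[int]:
    """Brute-force the single-byte key. A key whose output contains the crib and
    is fully printable wins outright; otherwise fall back to the most printable
    output, and give up (None) if even that is mostly binary."""
    best_ratio, best_key = 0.0, None
    for key in range(256):
        out = xor_bytes(data, key)
        ratio = printable_ratio(out)
        if crib in out and ratio == 1.0:
            return key
        if ratio > best_ratio:
            best_ratio, best_key = ratio, key
    return best_key if best_ratio >= 0.95 else None


def extract_config(blob: str) -> Tuple[dict, int]:
    """base64-decode, recover the XOR key, parse the JSON. Raises ValueError on junk."""
    try:
        data = base64.b64decode(blob, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not base64: {exc}") from exc
    key = recover_key(data)
    if key is None:
        raise ValueError("no single-byte XOR key yields printable output")
    try:
        config = json.loads(xor_bytes(data, key))
    except json.JSONDecodeError as exc:
        raise ValueError(f"decoded with key 0x{key:02x} but result is not JSON: {exc}") from exc
    return config, key


def iocs_from_config(config: dict) -> dict:
    """Pull the network IOCs a DFIR report would list from the decoded config."""
    url = urlsplit(config["c2"])
    return {
        "url": config["c2"],
        "scheme": url.scheme,
        "host": url.hostname,
        "port": url.port,
        "sleep": config.get("sleep"),
        "jitter": config.get("jitter"),
    }


if __name__ == "__main__":
    cfg, key = extract_config(SAMPLE_BLOB)
    print(f"recovered XOR key 0x{key:02x}")
    print(json.dumps(iocs_from_config(cfg), indent=2))
```

The crib check is what keeps the brute force honest: a single-byte XOR is a bijection, so every key produces *some* output, and only a plaintext anchor (here an `http` URL) plus a printability check separates the right key from the other 255. A multi-byte key or a real cipher needs a different approach; in that case the key is recovered from the unpacked binary in x64dbg rather than guessed from the blob.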

  • 2 guided labs
  • 2–4h session window
  • Unlimited restarts
  • Automatic flag validation

Requirements

  • Modern web browser
  • Stable internet connection
  • No local installation required
  • Basic technical English recommended


Start from the beginning?

Windows Malware Beginner

Not ready for intermediate yet? Windows Malware Beginner covers the foundational skills and guided labs you need before tackling the advanced material.

14h of content · 1 guided lab · 119 €
View Beginner Course →
Ready to level up?

Build real Windows Malware skills

Get hands-on with real Windows Malware scenarios, professional-grade tools, and validated flag objectives. No prior experience needed.

From 159 €, or 199 € for the complete path
One-time payment, no recurring charges · Lifetime access, course updates included · 14-day money-back guarantee