The Art of Malware Analysis - Course Review

2022/09/12

A couple of months ago I surprisingly won a voucher for The Art of Malware Analysis by @nu11charb (course: https://courses.null-char.com/courses/the-art-of-malware-analysis).

Time to do my part and review the course. I like small reviews, so I will keep it at that.

Review

Let’s start with a summary of the key points I noticed while doing the course.

Key Points

Details

The course starts with a general introduction to malware and the analysis of malware. You start with some prerequisites and building a safe lab, then move on to basic static/dynamic analysis, x86 assembly, advanced static/dynamic analysis and config extraction. The config extraction part is something I was really looking forward to and I was not let down; I learned a lot from it. The next part of the course covers YARA rules and automating various tasks, which is very important and necessary when analyzing malware. You’re gonna work with real-world malware by the way :)

It is expected that the students of the course do their homework - let’s be honest here: if you’re interested in the topic you’ll do it anyway, and when you learn something new you’re gonna have to put the time in, doesn’t matter what topic it is. It’s good that this is addressed. As I said in my PMAT review: You’re not gonna grow muscle if you read a book about bodybuilding, you have to lift weights for that. Same goes for everything else that’s practical in nature. I liked what Ahmed says here: malware analysis requires research, you’ll need to look things up - I fully agree with him there. MSDN and Google are your friends. Nevertheless, you are supplied with all of the knowledge you need by this course; you’re going to have the basics down and the means to help yourself when navigating through malware unknown to you. Ahmed does an excellent job here; doesn’t matter if you’re a beginner or already have some experience, he teaches you what you need to know from the very bottom to intermediate level. I also like his way of talking, teaching and bringing the topics across. By the way, it’s really easy to follow along with him while watching the videos. In order to get a deeper understanding, you’re supplied with exercises so you can really dig in. There is a Discord for the course as well if you need help or get stuck.

In summary: The course is very thorough, beginner friendly and accessible for anyone who wants to learn. I can only recommend this course; for me personally it’s a 10/10. If you want to get an impression, just go to Ahmed’s YouTube channel and see for yourself: https://www.youtube.com/channel/UC0vsNncAvJlPh2XGUi5s33Q