Kaspersky launches new cybersecurity training ‘Advanced malware reverse engineering with Ghidra’

IT Security professionals can now sharpen their skills in reverse engineering thanks to Kaspersky’s new online course. Hosted by leading cybersecurity professionals from the Global Research & Analysis Team (GReAT), the course is tailored to provide a robust foundation in the Ghidra framework and expand trainees’ understanding of the malware analysis process.

According to the EY-Parthenon Digital Investment Index, company executives believe the need for digitization is paramount to business growth. Evidence of this urgency could already be seen in 2022, with a record-breaking spike of 65 percent in digital investments. As the digital realm continues to expand, the challenges associated with it grow as well, with cyber threats looming. As a result, InfoSec professionals must be prepared so they can detect and prevent sophisticated cyber threats in time. They must develop theoretical and practical skills, working with different tools and frameworks such as Ghidra, which could become indispensable when tackling cyberattacks.

Ghidra[1] is a free, open-source software reverse-engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. It includes a suite of software analysis tools, enabling users to analyze compiled code on a variety of platforms. Ghidra gives malware analysts broader options than other frameworks to help them deal with code. Ghidra also helps InfoSec professionals to analyze Advanced Persistent Threats (APTs). Kaspersky experts, for instance, successfully used this framework to investigate Operation Triangulation, an APT campaign targeting iOS devices, discovered this June.

‘Advanced malware reverse engineering with Ghidra’ is the highest level in a series of Kaspersky reverse-engineering-related courses within the xTraining portfolio. To complete it successfully, it is recommended that trainees have basic knowledge in this field, which can be acquired from existing programs such as:

  • ‘Reverse Engineering 101’ https://xtraining.kaspersky.com/courses/reverse-engineering-101/
  • ‘Targeted Malware Reverse Engineering’ https://xtraining.kaspersky.com/courses/targeted-malware-reverse-engineering/
  • ‘Advanced malware analysis techniques’ https://xtraining.kaspersky.com/courses/advanced-malware-analysis-techniques/

In the new course, trainees will learn how to perform a typical malware analysis workflow, how to work with data types and structures in Ghidra, and how to use Ghidra’s disassembler and decompiler scripting capabilities to automate reverse engineering tasks. They can also find out how to extend Ghidra’s capabilities using the Eclipse IDE(TM).[2] In addition to basic knowledge, trainees will strengthen their practical skills by analyzing real samples.

The course was authored by Igor Kuznetsov, Director of GReAT at Kaspersky, an expert with many years of experience in reverse engineering, and Georgy Kucherin, GReAT Security Researcher.

The new training program consists of more than 40 video lectures breaking down complex concepts into easily digestible segments and providing listeners with the capability to study at their own pace. The knowledge gained will then be applied in our Virtual Lab, a secure virtual environment created specifically for checking the level of understanding and enhancing practical skills.

The educational course is equally valuable for IT Security professionals dealing with malware analysis, for cybersecurity consultancies aiming to empower their personnel, and for enterprises striving to elevate their SOC teams.

“Starting with mastering the basics of Ghidra, you’ll embark on a journey that de-mystifies the malware analysis workflow. We suggest that you start this transformative training course with Kaspersky and find out that the knowledge of Ghidra isn’t just an achievement — it’s a strategic advantage”, comments Igor Kuznetsov.

Registration for the new course is available through this link: https://kas.pr/1qm2

[1] Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, in this Software is used for informational purposes only and does not constitute any association or relationship with NSA or its products.

[2] Eclipse IDE is a trademark of Eclipse Foundation, Inc.