How to start a journey in malware analysis with a sandbox

How to Use a Sandbox for Malware Analysis Training

Software engineering, incident response, network monitoring, and other branches of cybersecurity all need professionals. In this blog post, we discuss how junior specialists can start a journey in malware analysis and how lecturers can train experts using modern tools like a malware sandbox.

Malware analysis training goals

Experts in malware analysis have certain areas of responsibility. Let’s take a look at some popular cybersecurity jobs and their average salaries, according to the U.S. Bureau of Labor Statistics.

Popular cybersecurity jobs

| Job Title | Average Salary, $ |
|---|---|
| Cybersecurity Analyst | 95,000 |
| Cybersecurity Consultant | 91,000 |
| Cybersecurity Manager / Administrator | 105,000 |
| Software Developer / Engineer | 110,140 |
| Systems Engineer | 90,920 |
| Network Engineer / Architect | 83,510 |
| Vulnerability Analyst / Penetration Tester | 103,000 |
| Cybersecurity Specialist / Technician | 92,000 |
| Incident Analyst / Responder | 89,000 |

The fundamental knowledge behind all these professions is much the same. If you decide to start training, there are several educational goals that you should reach:

Goals of malware analysis training

Then it’s important to have a plan for how to accomplish the goals of your education. There are several ways to do it: take up courses, pick up skills on your own, visit workshops, etc.

Top courses for your malware analysis training 

We have selected courses that have been tested by thousands of students and offer reliable content and trustworthy lecturers. Besides that, we have a present for you from our partners – a special discount to encourage your development!

Zero2Automated

Zero2Automated is an advanced malware analysis & reverse engineering course, aimed at those looking to build on their existing skill sets without breaking the bank. The training covers a wide range of topics, from algorithms within the malware to persistence techniques, banking trojan internals, and much more. It also provides a community Discord server where students can collaborate on course content and challenges.

Check out a promo code for ANY.RUN readers – it provides a 15% discount for the first 50 users. 

OALabs

OALabs’ authors say that its mission is to bring the reverse engineering tutorials that they wished they had when they were learning to analyze malware. From advanced topics like how to remove control-flow obfuscation, or unpack VMProtect, to basics like how to use a debugger – they cover it all at. You can also find OALabs on YouTube and Twitch, streaming every Thursday and Sunday.

Cyber 5W 

Malware Analysis – Virtual Live Training is a Cyber 5W course. It covers several modules to help you start your journey in analyzing malware. Each module focuses on different skills that build up your analysis arsenal: PE analysis, assembly and reverse engineering, debugging, deobfuscation, and reporting.

Get a 20% discount code for all Cyber 5W Courses with the promo code – Welcome2AnyRun

Champlain College courses

The Computer and Digital Forensics Program of Champlain College offers a wide range of courses:

Introduction to Operating Systems and Incident Response: In this course, students learn basic computer organization and the main functions of operating systems. It also provides training in best practices and techniques for responding to security incidents and in the incident response lifecycle.

Malware Analysis: Students learn various techniques for studying malware, working with real commodity malware as well as specially crafted advanced malware. We study various techniques of malware propagation, methods of detection evasion, and how to respond to a malware outbreak.

Malware Analysis and Reverse Engineering: This course covers advanced techniques used by malware and how to analyze them statically and dynamically. You can find out how to dissect malware samples by reverse engineering and debugging them.

And we couldn’t help but mention a great resource that can become your go-to book in the first steps of the cybersecurity path: A guide on Practical Malware Analysis

Besides theoretical knowledge, you need practice. It helps when a program is based on up-to-date tools that make education easier and more understandable. A sandbox is a great solution for these needs.

How to use a sandbox for malware analysis training

A sandbox is a tool for malware analysis in a secure environment. It offers the mix of static and dynamic analysis that a cybersecurity specialist needs. Most importantly, it is a great platform for training young specialists. ANY.RUN has a user-friendly interface and detailed reports that can be used for education. Let’s take a look at how the sandbox can be integrated into a malware course:

Education 

  1. A user-friendly interface allows even junior specialists to perform effective, high-quality investigations.

The sandbox’s interactive approach allows users to see malware in action while remaining completely safe. Information is displayed conveniently, so you can adapt on the fly and pick up new skills.

  1. Monitor malware’s actions in real-time 

Upload a sample, start a task, and watch malware behavior live. You can monitor all processes and connections, influence the virtual machine, and interact with malware. 

  1. See the results of the analysis and how malware executes right away, with no preparation required.

Just start the task and get the result. During the training, there is no need to look up other resources, because all the results are already here, based on fresh samples that you can investigate to collect IOCs and check techniques. Various types of data, such as process graphs, help you see the whole picture of malicious intentions.

Process graph in ANY.RUN

These advantages help to demonstrate the latest malicious techniques and examine malware during class. Different universities already use ANY.RUN in their courses.

For example, the service helps to improve the practical part of two online training courses: Zero2Hero for beginners and the Zero2Automated reverse engineering program.

ANY.RUN has always been my go-to whenever I have a new sample that needs to be analyzed, as it provides brilliant IOCs in the time it takes to grab a coffee, allowing me to cut down on total time spent in a debugger or disassembler window! Therefore, I knew it would be a perfect add-on to introduce to the students of the course, as well as to provide them with access to paid features, so they could experience the full range of capabilities offered within ANY.RUN.

Daniel Bunce, Malware Analysis Course Author at Zero2Automated 

Moreover, 3 malware analysis courses at Dakota State University integrate the interactive sandbox into their programs.

Malware analysis and threat hunting are crucial skills needed by our next generation of cybersecurity professionals. Providing safe environments with the appropriate tools to analyze malicious files can be quite challenging, and platforms such as ANY.RUN offer incredible opportunities for students to get hands on, without having to build out their own infrastructure or handle these malicious files on their own systems. The sandbox provides direct and valuable insight into how the malware operates to help students begin to understand the tactics and procedures employed by threat actors, which allows them to effectively build a solid foundation of malware analysis knowledge. The service has become an indispensable part of the courses I teach.

Dr. Josh Stroschein, former assistant professor of Cyber Security and Network & Security Administration at DSU

Research

The ANY.RUN community provides a huge database of malware samples and IOCs. Today any analyst can run the analysis of more than 6.5 million samples. Public submissions allow you to find the exact malicious object you need with the help of the filter. Choose the parameters, type a hash or a malware family, and the sample is already waiting for you.

Moreover, the platform is able to analyze a vast array of malware in a reasonable time, which is essential for research. We also have a use case from the University Carlos III of Madrid.

The project’s goal is to analyze APTs. A team of analysts investigates this type of cyberthreat, considering a large and comprehensive dataset of malware samples used as part of the malware. All samples are provided by ANY.RUN, whose easy API integration allows large-scale analysis.

Teamwork

The benefit of the service’s Teamwork feature is that students can work together on one sample. In addition, a lecturer may create a team and track each member’s activity. That is helpful for checking homework and guiding students’ work.

Check out a special offer for universities in our blog post and find out tips on how to use the sandbox in a malware course for free.

We also offer 30% off for educational purposes. If you are a student or a teacher from an accredited university, contact us to get a discount at [email protected]

Cybersecurity is an important part of any organization, and skilled experts are needed everywhere. So, if you have chosen to start your journey as a malware analyst, you’ll definitely need a solid basis for training. ANY.RUN can help you dive into this field easily.
