#FOR610
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (Advanced)

Digital Forensics and Incident Response Training | SANS Institute
Learn about SANS Digital Forensics courses, training and certifications as well as an extensive suite of free Digital Forensics resources.
www.sans.org
August 13, 2025 at 11:26 AM
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (Advanced)

digital-forensics.sans.org
August 13, 2025 at 11:26 AM
SANS FOR610 is a potent gateway drug
July 21, 2025 at 3:13 PM
FOR610: Day 3 ✅, last hour or so kicked my tookis but better for it (inshallah)
July 16, 2025 at 9:48 PM
FOR610: Day 1 of 6 wrapped at SANSFIRE. I can’t say enough good things
July 14, 2025 at 9:40 PM
I’ve been working on improving the 3rd party integrations with MalChela (the updated release is coming soon). To really test the capabilities, I’ve been working through a bunch of the static analysis labs from FOR610.
May 2, 2025 at 2:40 AM
XORsearch: Searching With Regexes, (Mon, Apr 7th)

Xavier asked me a question from one of his FOR610 students: "how can you perform a regex search with XORsearch"?

#hackernews #news
isc.sans.edu
April 8, 2025 at 8:25 AM
Shellcode Encoded in UUIDs, (Mon, Mar 10th)

I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact th…

#hackernews #microsoft #news
I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program does not always mean we are facing malicious code, but sometimes, some of them are derived from their official purpose. One of my hunting rules for malicious scripts is to search for occurrences of the ctypes[2] library. It allows Python to call functions in DLLs or shared libraries.
isc.sans.edu
March 11, 2025 at 2:02 AM
Let’s wrap up the week with the malware analysis tournament! Wanna join the fun? My next class is in March in London #FOR610 #SANSEMEA
January 25, 2025 at 8:15 AM
Make Malware Happy, (Mon, Jan 6th)

When I teach FOR610[1], I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To help the malware work or detonate successfully, it's reco…

#hackernews #news
When I teach FOR610[1], I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To help the malware work or detonate successfully, it's recommended that we replicate the environment where it was discovered (or at least, as much as possible). This is not always easy because we often receive a sample outside of its context.
isc.sans.edu
January 10, 2025 at 8:14 PM
I am super excited to have gotten a challenge coin from SANS FOR610. Cert is yet to come but wow this was fun.
December 20, 2024 at 1:48 AM
My last #FOR610 run for this year! Welcome Frankfurt!
December 9, 2024 at 7:16 AM
Time to find the newest Lethal Forensicators #SANS #FOR610
November 23, 2024 at 1:59 PM
Happpiiii

My Flipper Zero came in right before heading out
Also got a hold of IDA Pro yesterday too... through some "means" as well as finding the EternalBlue C/C++ suite

Definitely going to have some fun over the break :3
Though, I still need to finish FOR610 and GREM first...
December 17, 2023 at 5:22 AM
Applying for the course and attempting to get GREM is my means to really sit down and truly learn and apply it all

I know FOR610 is focused around Reverse Engineering with a focus of Malware Analysis... but hoping more to take the skills for my decompilation projects, bahaha
December 5, 2023 at 1:58 AM
Join me for one of the last opportunities to take #SANS #FOR610 this year in virtual Phoenix/Tempe. #malware #malwareanalysis www.sans.org/cyber-securi...
SANS Phoenix 2023 | Cyber Security Training
SANS Phoenix 2023 (Dec 4-9) offers hands-on cybersecurity training taught by top industry practitioners. Attend Live Online or in Tempe, TX.
www.sans.org
October 29, 2023 at 1:34 AM
Another great class and 2 more brand new lethal forensicators! Congratulations Takuya and Ryo! #SANS #FOR610 #malware
October 21, 2023 at 7:22 AM
Interested in learning #malware analysis Down Under? Join me as we bring SANS #FOR610 back to Sydney in September
July 27, 2023 at 5:50 PM
What's new in the FOR610: Reverse-Engineering Malware Analysis course in 2017 http://crwd.fr/2oKcq1d
@sansforensics #DFIR
December 1, 2024 at 5:23 AM
Scoreboard from FOR610 at #SANSLondon (I managed to scrape into the top five)
December 1, 2024 at 5:03 AM
Just wrapped on FOR610 at #SANSLondon. Another fantastic SANS course. Thanks @hal_pomeranz
December 1, 2024 at 5:03 AM
Then there was 4... #SANSLondon #FOR610 #tired
December 1, 2024 at 5:03 AM