December sale

11th Dec – 3rd Jan!

15% off many of our popular online courses.

Windows Digital Forensics

Built for Tier 2 Analysts

Intermediate

Background

Incident specialists, emergency response services, and digital forensics researchers are all united by in-depth knowledge in the field of digital forensics. To become a part of this community, you can turn to our Windows Digital Forensics course, which is designed specifically to provide you with the necessary knowledge and practical experience, drawing on the extensive experience of experts from the Kaspersky Global Emergency Response Team (GERT).

Our high-level expert in the field of digital forensics, Ayman Shaaban, will introduce you to some important areas, including basic technical concepts and definitions, and explain incident response and how digital forensics is part of the process.

He will also demonstrate the analysis of various Windows artifacts with all the necessary tools gathered in one place — in your virtual environment. You will also be able to apply technical analysis yourself in a simulated active compromised directory to uncover malicious traces of a cyber attack.

Our course emphasizes practical application, mirroring real-world scenarios to provide participants with a comprehensive understanding of incident response, allowing participants to gain invaluable insights and hands-on experience. By the end, you’ll be proficient in incident scoping, evidence acquisition, log file analysis, network analysis, creation of Indicators of Compromise (IoCs), and memory forensics. Armed with this knowledge, you’ll be better equipped to detect and mitigate threats swiftly, minimizing their impact and containing the damage effectively.

Ayman Shaaban
(@AymanShaaban)

Digital Forensics and Incident Response Group Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009, where he participated in building digital forensics labs, and provided response and analysis for cyber incidents in different industries. Additionally, he has developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security, and he obtained various DFIR certificates. In 2016 he published his book “Practical Windows Forensics”.

Overview & Objectives

  • Acquire the fundamental expertise essential for digital forensics.
  • Comprehend the methods of obtaining diverse digital evidence and managing it within a forensically sound setting.
  • Demonstrate proficiency in utilizing the tools and resources of digital forensics.
  • Be able to find traces of malicious actions related to incidents in MS Windows artifacts.
  • Learn how to use timestamps from various Windows artifacts to restore an incident scenario.
  • Analyze browser and email histories effectively.

Syllabus

Intended participants

InfoSec professionals

For incident response and digital forensics teams, working in a dynamic environment and willing to continuously enhance their practical skills in digital forensics.

Cybersecurity consultancies

The course is designed for specialist consultancies that aim to equip their teams with relevant practical skills, enabling them to offer forensics investigation services to their clients.

Enterprises

For cybersecurity professionals who would like to upgrade technical analysis skills in the digital forensics domain.

How you’ll learn

Guided video lectures

Learn from incident response expert Ayman of the Global Emergency Response Team, GERT, who has years of experience working in real-world investigations.

Practical virtual laboratory

Practice in our fully configured virtual laboratory on real-world incidents.

Interactive learning

The course is based on progressive learning with a consistent modular structure based on expert reviews of each task, practical work in a virtual laboratory and detailed step-by-step solutions.

Windows Incident Response Offline Training

On site training

Place: Arenco Tower, Dubai Internet City, UAE

Dates: December 4th – December 8th 2023

Level: Intermediate

$2,200 ($1,100 for the first 6 students)

Background

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.

The Kaspersky office in Dubai is offering a unique opportunity to attend instructor-led onsite training! Gain the knowledge and skills straight from the experts, ask them all your questions, share experience with other participants, and become a part of the InfoSec expert community.

The course’s curriculum is heavily focused on putting the course material into practice. Our experts will take you through all the stages of incident response based on real-life events with simulations of true ransomware cases.

You will master incident detection, evidence acquisition, log-file analysis, network analysis and creation of IoCs, and also receive an introduction to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your instructor will be Ayman Shaaban, who has handled security incidents for Kaspersky incident response customers around the globe. Not only will you gain clear theoretical knowledge but you will also tap into his up-to-date experience, skills and advice.

Course Leader

Ayman Shaaban

Digital Forensics and Incident Response Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, he works as DFIR manager in GERT. Ayman started his cybersecurity career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in Communications Engineering and an MSc in cybersecurity. Ayman obtained different DFIR certificates and his book “Practical Windows Forensics” was published in 2016.

Overview & Objectives

  • Identify a cyber incident and how to respond to it
  • Understand various attack techniques
  • Differentiate between APTs and other threats
  • Apply live analysis on victim machines
  • Acquire evidence in a forensically-sound environment
  • Upgrade your skills in memory forensics
  • Apply log file analysis with regular expressions and ELK
  • Create better network and host-based IoCs
  • Test your network traffic forensics skills

Syllabus

Who it’s for? 

InfoSec professionals

For cybersecurity professionals who would like to upgrade technical analysis skills in the domain of incident response

Enterprises

For incident response and digital forensics teams, who are facing threats daily and willing to continuously enhance their practical skills in incident remediation.

How you’ll learn

Live lectures

Learn from Incident Response expert Ayman of the Global Emergency Response Team, GERT, who has years of experience working on real investigations.

Practical tasks in a Virtual Lab

Practice in our fully configured virtual lab on cases based on real incidents.

Use our equipment

The course is designed with an emphasis on practicing the skills you learned. Kaspersky will provide all necessary equipment for effective training.

Benefits

Support of experts

Communicate with experts and ask all the questions you need

Language

Course delivered in English 

Community

Empower your professional network by meeting lead InfoSec specialists

Access to Virtual lab

Practice in a Virtual lab with hands-on training

Learning equipment

All the equipment needed for training is provided

Advanced malware reverse engineering with Ghidra*

Built for Tier 3 threat hunters

Advanced

$1,800 inc. tax per learner

Background

As the digital realm continues to expand, the challenges associated with it grow as well. Enter Ghidra, a powerful tool that has become indispensable for InfoSec specialists.

Whether you’re an individual looking to enhance your career prospects or a business striving to fortify its digital stronghold, Ghidra is the compass guiding you through the intricate terrain of malware analysis and reverse engineering.

Developed by experts at the Kaspersky Lab, the “Advanced Malware Reverse Engineering with Ghidra” course is your gateway to unlocking the full potential of this invaluable tool.

Created by luminaries in the field such as Igor Kuznetsov, Director of GReAT, and Kaspersky security researcher Georgy Kucherin, this course is designed to empower you with the skills and knowledge necessary to navigate the complex world of malware analysis.

The course is tailored to provide a robust foundation in Ghidra. Starting with mastering the basics of Ghidra, you’ll embark on a journey that de-mystifies the malware analysis workflow. Explore data types, structures, and external type definitions. Learn basic and advanced-level Ghidra scripting in Python and Java, find out how to identify run-time library code and much more.

Let’s embark on this transformative training course together, where understanding Ghidra isn’t just an achievement — it’s a strategic advantage.

Course leaders

Igor Kuznetsov

Director, Global Research & Analysis Team (GReAT)

Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.

Georgy Kucherin

Security Researcher, Global Research & Analysis Team (GReAT)

Georgy Kucherin is a Security Researcher at Kaspersky’s renowned Global Research and Analysis Team. Georgy demonstrates an unwavering passion for unraveling the intricacies of complex malware and employing reverse engineering techniques to analyze and understand its inner workings. With a strong background in cybersecurity research, Georgy has contributed significantly to the field through his comprehensive investigations into advanced persistent threats (APTs) such as FinFisher, APT41, and Lazarus. Georgy actively shares his research findings at prominent conferences, including SAS, VirusBulletin, and other renowned gatherings, where his presentations captivate audiences and contribute to the collective knowledge of the cybersecurity community.

Overview & Objectives

  • Get familiarized with the process of setting up Ghidra and building its latest version from source code
  • Understand how to perform a typical malware analysis workflow with Ghidra
  • Gain a firm understanding of how to work with data types and structures in Ghidra
  • Be able to identify runtime library code with Ghidra
  • Learn how to use Ghidra’s disassembler and decompiler scripting capabilities to automate reverse engineering tasks
  • Understand how to extend Ghidra’s capabilities using the Eclipse IDE™ (Eclipse IDE is a trademark of Eclipse Foundation, Inc.)

Syllabus

Who's it for?

InfoSec professionals

Perfect for seasoned reverse engineers, incident responders, and digital forensics experts, this course takes your cybersecurity prowess to new heights through an advanced acquaintance with the Ghidra tool.

Cybersecurity consultancies

The course will empower your personnel with the mastery of Ghidra, enabling them to provide unparalleled cybersecurity solutions and deliver top-tier malware analysis services to clients.

Enterprises

Elevate your organization's cybersecurity and SOC teams. Upon completing the course, they'll become experts in conducting a comprehensive malware analysis using Ghidra, capable of uncovering actionable insights that bolster your organization's security framework and enhance incident response strategies.

How you'll learn

Guided video lectures

Dive into the Ghidra tool usage through the expert lectures that break down complex concepts into easily digestible segments.

Virtual Lab

Step into a secure virtual environment created specifically for the course, where you can apply your skills without risk.

Iterative learning 

Embrace a learning journey that adapts to your pace. Benefit from iterative exercises, quizzes and experts’ solutions that reinforce your understanding, ensuring mastery of each topic before moving forward.

Benefits

Access

6 months to complete your course

Language

Course delivered in English with English subtitles

Pace

Self-guided learning that fits around your life

Access to Virtual lab

100 hours in a browser-based Virtual lab with hands-on training

Learning environment

Browser based via desktop, mobile or tablet

Guided videos

40+ videos to guide you through the course

Certification of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Cybersecurity for Executives Online

All levels

$1,887 inc. tax per learner (regular price $2,220)

Background

The “Cybersecurity for Executives” online training course was prepared by Kaspersky’s top managers and experts specifically for executives and leaders.

After taking this course, you will understand how cyber risks impact the effectiveness of your business and how to manage these risks.

During the course, you will get to know how cyber threats can affect your company and how to protect your staff and business from cyberattacks; you will learn how to plan your company’s cyber security trajectory, manage cyber crises and communicate incident information; you will learn how to make strategic decisions, assess risks and behave safely by applying the rules of cyber hygiene.

Upon completion of the course, you will be able to skillfully interact with IT and information security experts and easily incorporate cyber security protocols into your business. The program includes short video modules and hands-on cyber risk management exercises, allowing you to apply the theory in the context of your own organization.

Your course leaders

Eugene Kaspersky

Chief Executive Officer of Kaspersky

Chris Connell 

Managing Director, APAC

Andrey Suvorov

Head of KasperskyOS Business Unit

Genie Gan

Head of Public Affairs, APAC & META

Lavinia Rossi

Head of Enterprise Sales, Global Sales

Vasily Bushmarin

Senior Product Trainer 

Igor Kuznetsov

Director, Global Research & Analysis Team

Yuliya Novikova

Head of Security Services Analysis

Ivan Kwiatkowski

Security Researcher

Victor Chebyshev

Security Researcher

Vladimir Dashchenko

Cybersecurity Expert

Objectives

  • Get an overview of cybersecurity as a system
  • See how cyber risks affect businesses and how they can be managed
  • Understand the role of executives in cybersecurity
  • Delve into the principles of cyberattacks and attacker tools
  • Explore how to protect yourself, your personnel and your company from cyber attacks
  • Discover the steps you need to take if a cyberattack occurs
  • Gain an overview of cyber-immunity and the emerging trends in cybersecurity as an industry 

Syllabus

Who is it for?

C-level executives of enterprises and SMB companies

This course provides an essential basis for the safe management of businesses & teams, allowing participants to gain comprehensive knowledge on how to build an effective cyber-defense, manage cyber risks and make strategic decisions in conjunction with the IT and cybersecurity departments.

How you’ll learn

Guided video lectures

LMS adapted for both mobile and desktop formats. Content is in the microlearning format (3-6 minute videos) with tests and assignments for better knowledge consolidation.

Iterative learning

The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a virtual lab and detailed expert solutions.

Practical guidelines and checklists

The course contains ready-to-use materials that can be used in a daily workflow and distributed throughout the company.

Benefits

Access

Six months from the moment of course activation to completion of your training

Language

Course delivered in English with English subtitles

Pace

Self-guided learning that fits around your life

Guided videos

50+ videos to guide you through the course

Learning environment

Browser-based via desktop, mobile or tablet

Certificate of completion

Kaspersky-branded document certifying the completion of the course, signed by the course leader(s) on a PDF

Suricata for Incident Response and Threat Hunting

Built for Tier 3 Threat Hunters

All levels

$757 inc. tax per learner (regular price $890)

Background

Suricata is the foundation for effective intrusion detection and prevention. With cyber attacks on the rise it’s more crucial than ever for businesses, enterprises or cybersecurity consultancies to have a comprehensive security strategy in place. And that’s where Suricata rules come to the rescue.

The “Suricata for Incident Response and Threat Hunting” course from Kaspersky xTraining is the ultimate training program taught by Kaspersky’s leading security researcher who has spent years on the front lines of cyber defense, Tatyana Shishkova. She will share unique insights and sophisticated tips and tricks, giving you an unparalleled understanding of the IDS/IPS within the Suricata rules framework.

The course is created for companies aiming to power up their security policy and individual learners, looking to advance their career in cyber security. Whether you’re a beginner specialist or a seasoned professional in security or SOC analysis, security administration, malware research or incident response, it will give you the knowledge and skills to stay ahead of the ever-evolving threat landscape.

Learn how to write and implement Suricata rules to detect and block even the most advanced threats. Gain a deep understanding of how the framework works, and how to use it for identifying and responding to attacks in real-time. Get practical experience to enhance your network security with hands-on exercises and various real-life scenarios.

Course leader

Tatyana Shishkova

Lead Security Researcher, GReAT

Tatyana Shishkova is a Lead Security Researcher with more than seven years’ experience in network traffic analysis. Working at Kaspersky for more than a decade, she specializes in reverse engineering and network intrusion detection using Suricata.

Tatyana is a regular speaker at major cybersecurity conferences, including PHDays, SuriCon, SAS, and Botconf.

Overview & objectives

  • Understand what a NIDS is and how to use it
  • Write Suricata rules for different protocols
  • Utilize tips and tricks to create fast and efficient rules
  • Learn about typical network attacks
  • Analyze suspicious traffic and recognize traffic anomalies
  • Learn how to identify and fix a false alarm
  • Learn how to use Suricata for threat hunting
  • Gain new skills through a practical challenge in a virtual environment

Syllabus

Who it's for

Cybersecurity consultancies

Train your consultancy team to create and fine-tune Suricata rules for maximum effectiveness so that they can provide more effective services to their clients.

Enterprises

Advance your SOC or cybersecurity team’s skills to implement effective network security policies moving towards detecting and preventing cyber attacks before they cause organisational damage.

InfoSec professionals

Advance your career as an incident responder, malware researcher, or security analyst. Get to know more about developing and deploying effective Suricata rules to prepare yourself for more advanced threats.

How you'll learn

Guided video lectures

Learn Suricata rules with guided video lectures, providing in-depth explanations of each topic and exercise.

Virtual lab

Practice your new skills in a safe virtual environment. Designed especially for our Suricata course, your virtual environment is loaded with all the tools you need to help you learn and succeed.

Iterative learning

The course is designed with an iterative learning approach with consistent modules based on specialist overviews of each task, practical work in a Virtual Lab and detailed expert solutions.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Course duration

It will take you approximately 18 hours to watch the videos

Downloads

PDF downloads of training materials and tips

Learning environment

Browser-based via desktop, mobile and tablet (excludes virtual lab which requires an RDP client)

Course author

Member of Kaspersky Global Research and Analysis Team (GReAT)

Guided videos

30+ videos to guide you through the course

Virtual lab

Safe virtual environment for hands-on learning

Certification of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Security operations and threat hunting

Built for Tier 3 Threat Hunters

Intermediate

$1,190 inc. tax per learner (regular price $1,400)

Background

Big companies with complex IT infrastructure need to protect it – or face the consequences of being compromised. Sophisticated attackers can bypass automatic defenses unnoticed. Here’s where a Security Operations Center (SOC) comes to the rescue, bringing the expertise and skills of its professionals for upgraded business protection.

Developed by Kaspersky’s own SOC experts, this course offers comprehensive training to SOC analysts and other staff dealing with security operations. The knowledge you will get is practical and tested: our experts update it daily, provide security to Kaspersky itself and deliver on-site training to clients all over the world.

During the time on the course, you will get to know the diverse roles within a SOC, its services and use cases, get acquainted with the modern attack tactics, techniques, and procedures, and learn how SOC helps deal with them. Within the numerous extensive practice sessions in the restricted areas of the virtual labs, you’ll get an opportunity to develop your skills in incident detection and investigation.

Course leaders

Dmitriy Uchakin

Kaspersky SOC Analyst and Researcher

Dmitriy is a Kaspersky SOC analyst, working in operation and research areas. He joined the company in 2019 and now performs real-time investigations of detected threats and the analysis of fresh APT threats that were observed around the globe. Dmitriy is responsible for the optimization of SOC operations, he helps to automate the SOC routines through the development of Jupyter notebooks, as well as robots for repeatable actions. He contributes to Kaspersky SOC’s Threat Hunting activities, like the creation of TH hypothesis, hunting for malicious indicators and converting successful cases into new threat detection rules.

Sergey Soldatov

Head of Kaspersky SOC

Sergey started his career over 20 years ago as a software developer, writing in C and Perl. After working as a sysadmin of security systems, he became a member of a SOC team and was engaged in threat detection and incident investigation. Currently, Sergey is the head of Kaspersky SOC, responsible for internal SOC activities at the company as well as external managed detection and response and Compromise assessment services. Sergey is a certified information systems security professional (CISSP, OSCP) and auditor (CISA).

Roman Nazarov

Head of Kaspersky SOC Consulting

Roman has 13 years of experience in Information Security, mainly focused on SOC areas. He started his career as a security engineer and advanced to manage a team specializing in building SOC platforms for big national organizations. Working internationally on various challenges, like designing threat detection frameworks, Roman became a certified ArcSight instructor. Back in Russia, he developed a cyber security platform handling 2 million security events per second at the country’s biggest bank.

Now at Kaspersky SOC Consulting, he focuses on a complex approach that includes all areas of SOC/MSS/CERT design and architecture, establishing operations and development planning. Roman is an acknowledged professional holding certificates like CISSP, CISM, CISA, GNFA, GCIH.

Overview & objectives

  • Understand the structure of Security Operation Center as a part of security defense
    services
  • Be able to plan and organize security monitoring in your organization/company
  • Use different threat intelligence sources to find new advanced threats
  • Detect and investigate malicious activity in Windows and Linux infrastructures based
    on an attacker’s tactics, techniques and procedures
  • Learn threat hunting infrastructure based on ELK (Elasticsearch, Logstash, Kibana)

Syllabus

Who it's for

SOC analysts and specialists

For cybersecurity specialists involved in security operations and threat hunting.

Enterprises

For teams and enterprises focusing on threat hunting.

How you'll learn

Guided video lectures

Learn from 60+ videos by the top-notch Kaspersky SOC experts, sharing their practical experience and hacks.

Hands-on virtual lab and various environments within

Practice in our fully configured virtual lab - and experience various environments to hunt a wide range of threats.

Iterative learning

The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Delivered in English with subtitles

Pace

Self-guided learning that fits around your life (It will take you approximately 18 hours to watch the videos)

Browser-based access to virtual lab

100 hours of virtual lab time for hands-on learning

Downloads

PDF downloads of training materials & tips

Learning environment

Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)

Course author

Members of Kaspersky Security Operations Center

Guided videos

60+ videos to guide you through the course

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Windows incident response

Built for Tier 2 Analysts

Intermediate

$1,190 inc. tax per learner (regular price $1,400)

Background

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.

The course’s curriculum is heavily focused on practicing. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case.

You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips.

A Kaspersky report shows that malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats more quickly in order to minimize the impact and contain the damage.

Course leaders

Ayman Shaaban (@AymanShaaban)

Digital Forensics and Incident Response Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security. Ayman obtained different DFIR certificates and in 2016 he published his book “Practical Windows Forensics”.

Kai Schuricht (@kai_schuricht)

Senior Incident Response Specialist

Kai started his career in the information security domain in 2010 as a security consultant and joined GERT in 2016 as an incident response specialist. Throughout his career, he has been involved in building digital forensic labs and providing responses to different variants of cyber incidents around the world. Besides developing and delivering DFIR training globally, he also designs, conducts and evaluates tabletop exercises. Kai holds several international certifications (such as GCFA, GCFE, ECIR, ECTHP, CCSK, CISM and ISO/IEC 27035) and also a Diploma in Business Informatics (FH) and an M.Sc. in Digital Forensics.

Overview & objectives

  • Identify a cyber incident and how to respond to it
  • Understand various attack techniques
  • Differentiate between APTs and other threats
  • Apply live analysis on victim machines
  • Acquire evidence in a forensically sound environment
  • Upgrade your memory forensics skills
  • Apply log file analysis with regular expressions and ELK
  • Create better network and host-based IoCs
  • Test your network traffic forensics skills

Syllabus

Who it's for

InfoSec professionals

For cybersecurity professionals who would like to upgrade technical analysis skills in the incident response domain.

Enterprises

For incident response and digital forensics teams, who are continuously enhancing their practical skills in incident remediation.

How you'll learn

Guided video lectures

Learn from Incident Response experts Ayman and Kai from the Global Emergency Response Team, GERT, who have years of experience working on real-life investigations.

Hands-on virtual lab

Practice in our fully configured virtual lab on a real-life incident case.

Iterative learning

The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.

Securelist

The home for all of Kaspersky’s cyberthreat research and reports.

BrightTALK’s Kaspersky channel

Discover and learn with Kaspersky’s brightest professionals.

Kaspersky Threat Intelligence Portal

Scan files, domains, IP addresses & URLs for threats, malware and viruses.

KLARA on GitHub

KLara helps Threat Intelligence researchers hunt for new malware using Yara.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Browser-based access to virtual lab

It will take you approximately 15 hours to finish the course

Downloads

PDF downloads of training materials & tips

Learning environment

Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)

Course author

Members of Kaspersky Global Emergency Response Team

Guided videos

Over 40 videos to guide you through the course

Access to virtual lab

100 hours of virtual lab time for hands-on learning

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Hunt APTs with Yara like a GReAT ninja

Built for Tier 3 Threat Hunters

All levels

$1,400 $1190 inc. tax per learner

“Only our course teaches you how to write solid and fast Yara rules while developing a threat hunting mentality that will be respected & valued.”

Background

Have you ever wondered how Kaspersky’s GReAT experts discovered some of the world’s most famous APT attacks? Now, the answer is within your reach.
Our specialists have poured years of experience from the prominent cases they have worked on into our online Threat Hunting with Yara training. Course leader Costin Raiu, a 25-year veteran of the threat hunting industry, will teach you the unconventional ways of working with Yara so that you can find threats of the same magnitude as his team.

Specifically designed for self-paced learning, our course is deeply practical and enables you to learn-by-doing, hunting for real threats in our dedicated Virtual Lab. Using world-renowned cases like BlueTraveller, Sofacy & WildNeutron as the basis of the course, Costin shares insights and techniques from his team’s exclusive research on these cases. This knowledge will enhance your career and improve your organisation’s threat defences.

Course leader

Costin Raiu

Security Researcher

Costin is one of the founders of Kaspersky’s industry leading Global Research and Analysis Team (GReAT), the team that researched the inner workings of Stuxnet, Duqu, Flame, Carbanak, Turla, Lazarus, the Equation Group and many more.

Costin has over 25 years’ experience in cybersecurity and specializes in analyzing Advanced Persistent Threats and high-level malware attacks.

He is a member of the Virus Bulletin Technical Advisory Board and the Computer AntiVirus Researchers’ Organization (CARO) as well as a reporter for the Wildlist Organization International.

Overview & objectives

  • Write cleaner, more efficient, Yara rules
  • Tips & tricks to create fast, efficient rules
  • Yara generators to save time and effort
  • Test Yara rules for false positives
  • Hunt new undetected samples in your infrastructure
  • Use external Yara modules for efficient hunting
  • Discover secrets of anomaly search
  • Test your new skills on real life cases

Syllabus

Who it's for

InfoSec professionals

IT Security professionals will learn how to advance their career as a threat hunter and hunt threats more efficiently.

Enterprises

Train your teams to find new malware samples, exploits and zero-days and speed up incident response. Improve your organizations’ defenses with custom rule

How you'll learn

Video lectures featuring Costin Raiu

Learn from a 25 year Threat Hunting ninja and Director of Kaspersky’s industry leading Global Research and Analysis Team.

Active learning

Engaging learning tools & quizzes to support effective knowledge transfer.

Hands-on virtual lab

Work with real cases like BlueTraveller and DiplomaticDuck in our virtual lab.

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Browser-based access to virtual lab

It will take you approximately 15 hours to finish the course

Downloads

PDF downloads of training materials & tips

Learning environment

Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)

Course author

Costin Raiu, Director of GReAT, Kaspersky

Guided videos

Over 50 videos to guide you through the course

Access to virtual lab

100 hours of virtual lab time for hands-on learning

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Advanced malware analysis techniques

Built for tier 3 threat hunters

Advanced

$2,700 $2295 inc. tax per learner

Background

Kaspersky opens a treasure-box: our legendary training program on Advanced Malware Analysis Techniques. It helps established reverse engineers, incident responders & digital forensics specialists level up their work on cybersecurity incidents and become unique experts.

The main focus of the course is advanced static analysis because, for cybersecurity incidents involving previously unseen malicious code, this is the most reliable way to determine the functionality of the code and find actionable artefacts. It allows organizations affected by APTs to define adequate damage assessment and incident response.

The course also heavily features our exclusive know-how on the automation of decryption, decoding and other processing of the samples, which not only helps optimize routine tasks but also preserves your work in the code. You will be introduced to a custom static analysis framework (available for download), proven to be very efficient during decades of Kaspersky APT research.

Igor Kuznetsov, the course author, has participated in Kaspersky research on the most notorious APT campaigns. He has cherry-picked exercises from his own work to cover generic approaches to analysis in IDA Pro, using all important features, and also to demonstrate unique cornerstone cases that require special treatment, which will supercharge your skills for the future.

Welcome to the elite club of malware researchers!

Course leader

Igor Kuznetsov,

Director, Global Research & Analysis Team

Igor is the Director of the Global Research & Analysis Team (GReAT) at Kaspersky. His research focuses on investigating malware campaigns and employing reverse engineering techniques to understand advanced malware. His profound knowledge and skills have proven instrumental in understanding and countering complex cyber threats. He has more than 20 years of reverse engineering experience.

Igor specializes in investigating malware campaigns and reverse engineering advanced malware. His areas of expertise include cyber-espionage and highly-targeted attacks, advanced threat actors and APTs; cyber-warfare, cyber-weapons such as Stuxnet, Duqu, Flame, Gauss; ATM security. Igor regularly provides training sessions on advanced malware analysis.

Overview & objectives

  • Analyze modern complicated code samples, from receiving the initial artefact, all the way to producing a technical description of the attacker’s TTPs with IOCs
  • Produce static decryptors for real-life scenarios and then continue with in-depth analysis of the malicious code
  • Analyze malicious documents that are typically used to deliver initial payloads and know how to extract them
  • Ensure damage assessment and incident response efforts are accurate and effective

Syllabus

What you will reverse

InfoSec professionals

The course is intended for established reverse engineers, incident responders and digital forensics practitioners seeking to level up their work with cybersecurity incidents.

Enterprises

After completing this training your cybersecurity or SOC team will be able to implement full dynamic and static analysis of malware efficiently, automate routine tasks and find detailed actionable items for protection of your organization & incident response.

Cybersecurity consultancies

Specialist consultancies who need to train their team on relevant practical skills will also benefit from this course: their personnel will level up and will be able to create more effective cybersecurity products and malware analysis services for clients.

How you will reverse

Guided video lectures

Learn from Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team.

Hands-on virtual lab

Practice in our fully configured virtual lab on real targeted malware cases like Lazarus, Sofacy, Regin, Equation, RedOctober, Miniduke and Carbanak.

Iterative learning

The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Browser-based access to virtual lab

100 hours of virtual lab time for hands-on learning

Downloads

Static analysis framework, scripts from exercises and training materials are available for download

Learning environment

Browser-based via desktop, mobile & tablet

Course author

Igor Kuznetsov, Chief Security Researcher at Kaspersky GReAT

Guided videos

About 60 videos to guide you through the course

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)

Mobile malware reverse engineering

Built for Tier 3 Threat Hunters

Intermediate

$890 $757 inc. tax per learner

Background

With almost everyone in the world owning a smartphone that effectively mixes a person’s private and work lives, keeping systems intact has become a growing challenge for corporate IT security and SOC teams.

Mobile malware is often used in cyberattacks against organizations by both cybercriminals and sophisticated APT actors, so the ability to counter such attacks is crucial for corporate security teams.

The Mobile Malware Reverse Engineering training is based on Kaspersky’s vast experience in this field and authored by one of the leading experts on mobile malware – Victor Chebyshev. The course features static and dynamic analysis of some outstanding and unique malware samples like MagicKarakurt, LightSpy and the DuKong framework.

By taking this online course you will:

  • Learn advanced features of static analysis (permissions, strings, signature, resource files, decompilation of Dalvik bytecode)
  • Understand how to analyze mobile malware including Android and iOS samples
  • Learn how to analyze native libraries for Android and iOS statically, as well as advanced dynamic analysis with the Frida framework

You will immediately put your new knowledge to practice in our restricted virtual lab where you can safely reverse the dangerous malware samples we introduce you to.

Course leader

Victor Chebyshev

Security Researcher

Victor Chebyshev is an experienced specialist with deep knowledge of Android, Linux and Mac OS malware. Victor regularly provides customer training on these subjects and has presented his malware research at various cybersecurity conferences, such as the SAS and the RSA Conference.

Overview & objectives

  • Understand how to analyze mobile malware including Android/iOS samples
  • Learn advanced static analysis or so-called surface analysis: permissions, strings, signature, resource files, decompilation of Dalvik bytecode
  • Learn how to analyze native libraries for Android and iOS statically using Ghidra
  • Learn advanced dynamic analysis using dynamic instrumentation with Frida

Syllabus

Who's it for?

Corporate IT security managers

Mobile malware poses a significant threat to enterprise IT networks – in the course we show practical techniques to deal with them. The course is a great tool to upgrade your security team’s ability to counter various cyber threats.

Reverse engineers and SOC professionals

Mobile malware has its own unique features which attackers use in their activities. The knowledge gained on this course will take your professionalism to the next level.

How you'll learn

Guided video lectures

Learn from well-explained videos by a top expert on mobile malware, who shares his practical experience and hacks.

Hands-on virtual lab

Practice in our fully configured virtual lab to tinker with the malware samples and get the best of them.

Structured flow

The course is built around progressive learning with a consistent module framework. Each module is based on a specialist overview of each task, practical work in the virtual lab and detailed solution walk-throughs.

Benefits

Access

6 months to complete your course from activation of your access code

Language

Courses delivered in English with subtitles

Pace

Self-guided learning that fits around your life

Browser-based access to virtual lab

It will take you approximately 3.5 hours to watch the videos

Downloads

PDF downloads of training materials & tips

Learning environment

Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)

Course authors

Leading security researcher of mobile malware

Guided videos

20+ videos to guide you through the course

Access to virtual lab

100 hours of virtual lab time for hands-on learning

Certificate of completion

PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)