Zero2Automated Advanced Malware Analysis Course - Certification

I've done the Zero2Automated Advanced Malware Analysis Course over the last few months and have now finally passed the exam!

The Course

I have never done a course with a certification before but also didn't want to start with something which will not challenge myself nor teach me new things. Luckily on one day, I stumbled across this course on a news website and, since I was always keen on Reverse Engineering, I have decided to buy it and dive into the world of malware analysis. Not knowing where it will take me.

The course follows a clear agenda, it:

1. firstly teaches you about common algorithms which are found in malware and how to recognize them in a binary
2. dives into first stagers of malware and how one unpacks them
3. goes through techniques how malware evades detection
4. teaches you about different kinds of malware families and how they work
5. goes in-depth with the behaviour and exploitation of security holes by specific currently in-the-wild malware
6. explains how to do proper threat intelligence
7. goes into even more advanced topics like the static and dynamic analysis of shellcode and Bootkits

The main content is teached by video recordings where a PDF is provided for some more advanced things which would be hard to follow in a video, f.e. some injection techniques or some malware-specfic behaviour. What I really like is that nearly every chapter provides samples which allowed me to directly apply the newly obtained knowledge. The course also released malware samples every second week for analysis.

The Exam

As this blogpost already points out, the final examination seems to be one of the hardest ones, you can find among Reverse Engineering courses. It consists of a theoretical and practical part. The theoretical part covers all taught content and half of its questions got free text inputs. I think it contains ~50 questions. The pratical part is the more challenging one. You will receive a mail with some background story and a attached malware sample. Your task is then to analyze it and write up a full report within 2 weeks.

After I have received the mail, I immediately started to analyze the sample. It had multiple stages (~4) and used nearly all obfuscation techniques which are taught in this course. Each stage also differs in terms of evasion, spreading techniques and obfuscation, which made it very hard at some time to make progress. I was working on it the whole first 5 days nearly everyday for around 8 hours; analyzing each stage completely and making notes along the way to the final stage. Then I wrapped all my notes in a 38 pages long report and also developed YARA rules for IOCs for the rest of the time.

It was really challenging and one was constantly in a loop of euphoria and frustration due to the sometimes low progress. But "trying harder" has really payed off at the end and I got a score of 91% in the practical and 97% in the theoretical part.

Final Assessment

This course has taught me so much about malware analysis that was really worth its money (more than double times :D)! In my opinion, the difficulty of the exam was exactly on point regarding the teached content, since it forced you to really prepare for it and go through all the content.

I can fully recommend the course to those, who have previous knowledge, passion and the willpower to keep on when one will make sometimes very slow progress.

THANK YOU FOR READING!