• Home
  • Zero2Automated

Which Version Is Right For Me?

Features Zero2Automated Zero2Automated + Exclusive MISP & Sandbox Ultimate Malware Reverse Engineering Bundle
25+ Hours of Content
Zero2Hero Course
Lifetime Access
Community Slack Channel
Sandbox + MISP Access*
Beginner Friendly
Custom Samples
Exam + Certification

*Upgrades are offered while purchasing course

Most courses I found on malware analysis were either too basic/general or they did not have much hands-on practice at all. Z2A is completely different because it’s really practical and decently challenging. The theory of most covered topic can be found online, but the full walkthrough of malware samples that use those techniques in this course is invaluable. I would say this course is probably one of the best investments I have made to learn RE!
Chuong Dong
Course Student

Zero2Automated: What Is It?

Zero2Automated (The Advanced Malware Analysis Course) is a course developed by Malware Reverse Engineers, for Malware Reverse Engineers, with practicality in mind. The main focus of this course is to teach you the advanced concepts utilized by modern malware, through a practical approach, allowing you to instantly apply the information to your own analyses. However, we do understand theory is vital in order to better understand certain fundamentals, such as how the PROPagate injection method works, and how Equation Editor is exploited. As a result, crystal clear PDFs are provided alongside certain chapters requiring a deeper dive, allowing you to constantly refer back to them whenever required.

Furthermore, upon purchase of the Zero2Automated Course, you will gain access to a private Slack channel focused around the course and course content, allowing you to interact with others currently taking the course, as well as ask for help on any issues that may come up. 

Think that’s all? Nope! The Zero2Automated Course will be updated over time, with additional modules, custom “CTF” challenges, and more being added, allowing you to further improve your knowledge of Malware Analysis and Reverse Engineering. 

We’re not done yet though! Not only do you get access to an updated stream of videos and PDFs, you also get exclusive access to an e-book written by Jason Reaves (@sysopfb) that takes you through several sophisticated malware samples, from GuLoader to Qakbot, examining different anti-analysis methods, string encryption functionality, C2 protocols, and more!

Zero2Automated: Prerequisites

Unlike the Beginner Malware Analysis Course, this course has several prerequisites:

–  Beginner Knowledge of Malware Analysis (Malware variants, Functionality, etc.)
–  Beginner Knowledge of Reverse Engineering (IDA, x64Dbg – x86 Assembly)
–  Understanding of Programming Concepts (while loops, for loops, etc.)
–  Understanding of Python (Highly Recommended, though not vital)
–  Enthusiasm to learn (if you have none of the others, make sure you have this one!)

Don’t have these prerequisites and want to prepare before taking this course? Check out the Beginner Malware Analysis Course!

Zero to Automated is a natural progression to SANS FOR610, expanding on the analysis of malware obfuscation techniques by dissecting the most prolific and pervasive malware families in use by cybercrime campaigns today.
Course Student

Zero2Automated: Syllabus

Looking at common algorithms in use by malware, such as:

    – RC4
    – AES
    – Serpent
    – RSA
    – BlowFish

Accompanied by a PDF on recognizing these algorithms

Analysing methods of initial access used by threat actors:

    – Unpacking Malware
    – Analysing Malicious Documents
    – Analysing Malware Loaders
    – Automated Loader Configuration Extraction

Covering evasion techniques used by malware, including:

    – Process Injection
    – Anti-Analysis Techniques
    – Persistence Methods

Core functionality of common malware variants, including:

    – Banking Malware
    – Point-Of-Sale Malware
    – Worm
    – SpamBot

Analysing malware samples in-depth:

    – QakBot
    – TrickBot

Analysing malware developed in languages that can be decompiled:

    – Python
    – JavaScript
    – PowerShell

Analysing malware utilizing exploits:

    – Privilege Escalation
    – UAC Bypass
    – Lateral Movement
    – Bring-Your-Own-Land DSE Disable

Reverse engineering low level malware, operating at the kernel level:

    – MBR Overwriting

Covering the analysis of shellcode:

    – Static Analysis
    – Dynamic Analysis

Covering different aspects of threat intelligence:

    – Automated Signature Development
    – Threat Intelligence Workflow

In-depth look at several notorious malware families:

    – BazarLoader
    – GuLoader
    – Gh0stRAT Loader
    – TinyLoader
    – Qakbot

I really want to give a shout out to @0verfl0w_ and @VK_Intel for their #Zero2Auto Malware course. Having access to a well organized syllabus which structurally teaches malware analysis, and not to mention automation. I am one happy researcher. Thank you so much!
Danus Minimus
Course Student

Zero2Automated: Certification

After successful completion of Zero2Automated: The Advanced Malware Analysis Course, as well as passing the final exam, you will receive a Certificate of Completion, along with a unique certificate ID for verification.

Such an excellent content. This is a must if you want to understand the real power of analyzing malware. It offers up-to-date content and very detailed explanations including notorious malware samples such as Qakbot and IcedID. The whole course is organized in such a way that it makes you grasp the key concepts of reverse engineering cyber threats, without going crazy. Absolutely love it.
Felipe Duarte
Course Student

Zero2Automated: Frequently Asked Questions

Yes! Upon purchasing the course, you gain immediate lifetime access, allowing you to come back every few months to look at specifics! No additional payments, no additional worries! Furthermore, further content will be added to the course over time, which you will also gain access to, free of charge!

Unfortunately the videos cannot be accessed offline, however, you are able to download the theoretical material provided alongside the course, to study more in-depth topics offline!

Both Stripe (Credit Card/Debit Card payments) and PayPal are the main supported payment processors of the platform, however if these are an issue for you, we may be able to work out possible payment methods – in that case, please see the “How can I contact you” answer.

It is! Upon completing the videos, there will be an exam that you can take. Upon passing this test, you will receive a certificate of completion, with your name on it!

You can contact us via the contact form below, through Twitter (@0verfl0w_) or via e-mail:!

Further Questions?

Looking for answers to a question not answered above? Feel free to drop us a message using the contact box below, and we will get back to you as soon as possible!

    Receive the latest news

    Subscribe & Stay Tuned

    Stay updated on new course releases and related InfoSec content