A common question from individuals who are curious and fascinated by malware analysis is "I want to learn malware analysis: where do I start?". This workshop is meant to be that starting place. The workshop is composed of a series of modules. The first module covers resources for a malware analyst including where to source new malware samples, tools for malware analysis, and learning resources. The second module covers how to triage a malicious email. This includes how to extract and decode malicious email attachments without using a mail client as well as how to safely handle malware samples in your lab environment. The third module covers how to work with automated malware analysis environments aka malware sandboxes. The fourth and final module for this level of workshop is how to work in a controlled lab environment to load a malware sample in a debugger and to observe malware behavior in the environment including file activity, registry changes, and network activity.

Everything needed for this workshop is provided in self-contained cloud lab environments generated separately for each student. The only requirements are that the student's workstation have a working wireless NIC that can connect to the workshop wifi network and a fully updated Chrome browser. Students should leave the workshop feeling confident in knowing the next steps in their quest for learning malware analysis.