Post Infection Threat Analysis

Date to be confirmed

09:00 - 16:00 on both days

Benelux (venue to be announced shortly)

Training postponed

We regret to inform you that the training planned for April will be postponed due to the coronavirus epidemic. For F‑Secure, the health and safety of its employees, partners, customers, and other stakeholders is a top priority. We will update the schedule as soon as possible, so stay tuned for further information

Malware infections are among the most common reasons for a security breach. Some incidents require in-depth threat analysis and guidance from specialized cyber security experts while some incidents can be tackled by anyone with a basic understanding of the most likely threats.

Organizations capable of analyzing a malware infection have a better chance of recovering from the incident and succesfully defending against similar incidents in the future. Our training material and excercizes are based on the most prevalent current threats and incidents we have analyzed.

Upon completion of the training, you will have the basic technical skills needed to respond effectively to malware-related incidents. You will also be able to collect relevant Indicators of Compromise (IOCs) and write actionable reports based on the information.

This training includes lectures and exercises, as well as several deep dives on which to work hands-on with system and network monitoring tools such as Process Monitor, Wiresark, Autoruns, and so on.

The training will cover the following topics:

  • Malware typology Identifying malware as a Worm, Backdoor, Trojan, Data-Stealer etc. Identifying the malware category is useful for performing proper risk assessments.
  • Methods of infection This will help you to identify different attack vectors.
  • File Types Understanding the structure of different file types used by malware.
  • Dynamic Malware Analysis Practice using system monitoring tools to understand the behavior of malware and collect IOCs from infected systems.
  • Static Malware Analysis Learn how to perform quick analysis on a malicious file without running it.
  • Post-Infection Clean-up Identifying the common persistence mechanisms used by malware and how to remove them.
  • Exercises E.g. Analyzing Document files commonly received via email spam, and analyzing suspicious Powershell commands.

What's included

Breakfast, lunch, materials, training environment and equipment, an optional evening get-together and a dinner with F-Secure experts. Training does not include travel and hotel costs.



The total cost of the two-day training is 2000€ / participant.

(Partner discounts applicable: 1600€ for Silver partners, 1260€ for Gold partners, and 1100€ for Platinum partners)


Frederic Vila
Threat Researcher, Advanced Threat Intelligence and Detection Team, F-Secure

Frederic has over 15 years of experience in malware analysis and detection. At F-Secure, he handles threat intelligence on advanced persistent threats (APT), targeted attacks, and incident response cases. His contribution to F-Secure's NewsFromTheLabs blog have also been quoted by security websites, and his APT whitepaper called NanHaiShu has received international interest. Currently, he's contributing to F-Secure's Rapid Detection & Response product line on threat simulation and detection.


Applicable for both days

09:00 – 10:30 Welcome & Training part 1
10:30 – 10:45 Coffee break
10:45 – 12:00 Training part 2
12:00 – 13:00 Lunch
13:00 – 14:30 Training part 3
14:30 – 14:45 Coffee break
14:45 – 16:00 Exercises + Ending words
Optional Evening Program (only on Day 1)

Register for the training

Registration will be opened once new training dates are available.