Dynamic Malware Analysis and Sandboxing
RCCE students will learn how to observe malware safely in controlled environments to capture behavior, persistence, network activity, process execution, and anti-analysis logic. RCCE students will learn to build detonation workflows, collect behavioral telemetry, analyze file and registry changes, inspect command-and-control communications, and validate whether a sample matches known malware families or tradecraft patterns. The course covers practical scenarios ranging from sandbox preparation to execution analysis and reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Dynamic Malware Analysis and Sandboxing
- Execute hands-on tasks for dynamic malware analysis
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for course structure — covering Safely observe malware in sandboxes, 5 modules covering analysis pipeline.
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for sandbox mastery
- Execute hands-on tasks for analysis skills
- Execute hands-on tasks for operational output — covering isolated analysis VMs, Trace process execution trees, Produce malware behavior.
- Execute hands-on tasks for static analysis — covering Examine code without execution.
- Execute hands-on tasks for dynamic analysis — covering Execute sample in controlled environment.
- Execute hands-on tasks for why dynamic analysis matters
- Execute hands-on tasks for rapid ioc extraction — covering Real execution defeats packing.
| Module 01 | Dynamic Malware Analysis |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Learning Objectives |
| Module 06 | Sandbox Mastery |
| Module 07 | Analysis Skills |
| Module 08 | Operational Output |
| Module 09 | Static Analysis |
| Module 10 | Dynamic Analysis |
| Module 11 | Why Dynamic Analysis Matters |
| Module 12 | Rapid IOC extraction |
| Module 13 | Sandbox Architecture Overview |
| Module 14 | Core Components |
All hands-on labs run on Rocheston Rose X OS. Students practice dynamic malware analysis and sandboxing by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for dynamic malware analysis
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for learning objectives
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Dynamic Malware Analysis and Sandboxing, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI