Threat Tradecraft: Infrastructure Hunting & Malware Analysis

live online
price $1,900
Sathwik
Intermediate
3 Days
Malware Analysis & Threat Research
Tue 24 Nov - Thu 26 Nov


Online, Available in English

Topics:

  • Foundations of Adversary Infrastructure Hunting
  • Core Terminology & Concepts
  • DNS & Internet Infrastructure Fundamentals (For Hunters)
  • Tooling & Data Sources for Infrastructure Hunting
  • Operational Security & Data Management
  • Infrastructure Pivoting Techniques
  • Hunting Without a Known IOC
  • Phishing Infrastructure & Campaign Hunting
  • Case Study: End-to-End Phishing Campaign Infrastructure
  • Tracking Adversary Infrastructure at Scale
  • Introduction to Post-Exploitation & C2 Infrastructure
  • How Adversaries Evolve Infrastructure to Evade Detection
  • Turning Hunting into Actionable Intelligence
  • Case Study 3: Adversary Infrastructure Hunting Combined with OSINT
  • Malware Analysis Workflow & Analysis Tradecraft
  • Malware Triage & Initial Static Analysis
  • Behavioral & Dynamic Analysis (Safe Detonation)
  • Intro to Reverse Engineering for Defenders
  • Malware Configuration & Capability Extraction
  • Malware & Infrastructure Correlation
  • Anti-Analysis, Evasion & Analyst Deception
  • Malware Families, Loaders & Campaign Context
  • Scaling Malware Analysis for SOC & CTI Teams
  • Turning Malware Analysis into Detection
  • Malware Analysis OPSEC & Analyst Safety
  • Measuring Malware Analysis Effectiveness
  • Converting assembly to structured explanations
  • When AI makes mistakes
  • MCP Analysis Workflows
  • Case Study: AI-Augmented End-to-End Investigation
  • Writing Malware & Infrastructure Reports
  • Turning Analysis into CTI & SOC Value


Overview

This three-day, hands-on course teaches defenders how to hunt, pivot, and track adversary infrastructure across phishing, malware, and post-exploitation operations, and how to correlate that infrastructure with malware analysis to build high-confidence detections and intelligence. Students will learn repeatable workflows to move from single indicators to campaign- and actor-level understanding while maintaining strong operational security. The course also introduces practical ways to use AI-assisted techniques to accelerate analysis and reporting without replacing analyst judgment or compromising sensitive data.


By the end of this course, the participant will be able to:

  • Systematically discover, pivot, and map adversary infrastructure starting from minimal technical indicators such as a single domain, IP, URL, or malware sample.
  • Distinguish between meaningful infrastructure relationships and false correlations using DNS history, TLS metadata, hosting context, and behavioral patterns.
  • Identify infrastructure tradecraft used by phishing operators, malware loaders, and post-exploitation frameworks, including rotation strategies, redirectors, and cloud abuse.
  • Perform safe and structured malware triage, static analysis, behavioral analysis, and targeted reverse engineering to extract configuration, capabilities, and infrastructure artifacts.
  • Correlate malware artifacts with infrastructure findings to move from sample-level analysis to campaign- and actor-level understanding.
  • Recognize and interpret anti-analysis, evasion, and analyst deception techniques used by modern malware and infrastructure operators.
  • Use AI-assisted techniques responsibly to accelerate reverse engineering, clustering, and reporting workflows while maintaining analyst validation and data security.
  • Translate technical findings into actionable outputs, including high-signal detections, threat intelligence reports, and operational recommendations.
  • Apply operational security best practices to avoid exposing themselves, their organizations, or their research activities during live adversary investigations.
  • Integrate adversary infrastructure hunting, malware analysis, and AI-augmented workflows into existing SOC, DFIR, CTI, and threat hunting operations in a scalable and repeatable way.