Malware Incident & Log Forensics

What To Expect

The Malware Incident & Log Forensics course is designed to help candidates detect and hunt real world adversaries in a simulated environment. This course will take you through the different stages of an Attacker killchain and will focus heavily on threat hunting using log analytics. Most organizations are limited to the knowledge of SOC analysts/Blue team even if they have a good security suite in place. Most of the time, incidents are created when there are alerts by some pre-created detection use cases. But what happens if there is no alert. How do you hunt for something you don’t know exist?

The candidates will get lab access over a cloud environment where they can create their own hunt use cases from the existing logs of actual attacks that have happened over years, and some of them being custom-built attacks using known Command & Control used by Adversaries like Cobalt-Strike, Metasploit, Zeus, Mirai, Covenant and more. This will help the threat hunters to enhance their detection and hunting knowledge on the network and endpoint level.

Training Content

The total course duration are 3 days Online Interactive training sessions over Google Meet. Virtual environments such as Active Directory Lab/C2 access/Domain access will be provided where necessary. A detailed information on the training content can be found here.


Dark Vortex provides Certificate Of Completion for every completed course. This certificate may be verified by contacting using the enrolment ID from the given certificate.


The course is highly practical in nature and involves a lot of programming in C/C++, reverse engineering in windbg/x64dbg. Its important to have a good grasp of the below fundamentals before approaching the course.

  • Basic Understanding of Windows/Linux Operating System architecture
  • Basic Understanding of the Windows Active Directory environment
  • Fundamental knowledge of programming with C/C++
  • Familiarity with programming concepts (pointers, referenceses, addresses, data structures, threads, processes)
  • Strong will to learn and creative mindset.

System Requirements

During the course, we will be working with different virtual machines which will involve cloning, creating, and snapshots and several other hands-on exercises. A properly configured system is extremely important to fully utilize the benefits of the training session. We strongly request you to have fully configured system which meets the below requirements for the course. All the requirements mentioned below are either freely available or open source.

  • Windows 10
    • A laptop with atleast 16GB RAM to run a Kali/Ubuntu virtual machine.
    • VMware/VirtualBox installed
    • Good Internet Connectivity
    • Visual Studio with C/C++/C# packages installed
    • Visual Code/Editor of your choice
  • Kali Linux/Ubuntu 20.04 (Virtual Machine)
    • VS Code
    • Mingw-w64
    • Nasm
    • Wireshark

NOTE: Make sure you have a snapshot of each virtual machine before you start the class, just in case you have to revert everything back to stock if your Virtual Machine crashes during the training.

Course Fees

Malware Incident & Log Forensics | 3 days (Interactive/Online)

At the end of the course, you will receive a Certificate of Completion and all the training materials including course PDFs/slides, content materials, source code for payloads and logs hunted during the training program.

$2000 USD

*Inclusive of taxes and certification

We conduct live training sessions which are conducted remotely and do not contain pre-recorded videos. For enquiries on training programs or other services, reach us at