The course is only open to U.S. state, local, tribal, and territorial law enforcement agencies, prosecutors, and judges.
This course covers one type of “crime as a service” (CaaS) offered on clearnet and darknet spaces, namely malware as a service (MaaS). Specifically, this course introduces participants to MaaS, the Clearnet and Darknet sites where malware and MaaS are marketed, advertised, and sold, and information about them is distributed. Particularly, attention will be paid to the M.O., tactics, targets, and tools used by perpetrators of this cybercrime.
At the end of the course, participants will be able to:
- Explain basic elements of malware and corresponding threats, differentiate malware from ransomware, and its impact of entities (companies and organizations).
- Explain the basics of network operations, including the Open Systems Interconnections (OSI) model and its protocols.
- Describe tactics, techniques, and procedures used by threat actors, identify Multi-Stage Malware (MSM), and explain how indicators of compromise (IOC) and attack (IOA) can be used to reveal threat actors on the Deep Web and darknet.
- Identify basic information about file structures and hashes, differentiate content from metadata and malware code, and describe how sandbox and automated analysis work.
- Identify Command and Control centers, explain how threat actors orchestrate malware and botnet attacks, and describe how bullet hosters can be used to prevent detection.
- Explain the benefits of static and dynamic malware analysis and identify tools needs to examine network behavior in an investigation.
Upon successful completion of the course, participants will receive a certificate of course completion.