Malware Analysis Courses

{
    "courseID": "CADMUS-MARE-01",
    "courseTitle": "Introduction to malware detection",
    "authorOwner": "CTI",
    "contactPerson": [
        "Georgios Xenos",
        "Sotirios Giannopoulos"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "Sisyfos"
    ],
    "proficiencyLevel": "Basic",
    "eqfLevel": "4",
    "trainingType": [
        "Upskilling",
        "Reskilling"
    ],
    "deliveryMethod": "Online selfpaced",
    "durationIntensity": "12 hours",
    "expectedWeeklyTimeCommitment": "3",
    "traineeGroupSize": "-",
    "courseAvailability": "2026-03-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Collect, analyse and correlate cyber threat information originating from multiple sources",
        "Use and apply CTI platforms and tools",
        "Conduct technical analysis and reporting",
        "Explain and present digital evidence in a simple, straightforward and easy to understand way",
        "Identify threat actors TTPs and campaigns",
        "Monitor new advancements in cybersecurity-related technologies"
    ],
    "ecsfRoles": [
        "Cyber Threat Intelligence Specialist",
        "Digital Forensics Investigator",
        "Cybersecurity Researcher"
    ],
    "targetAudience": [
        "Public sector",
        "SMEs"
    ],
    "prerequisitesEntryReq": [
        "Cybersecurity fundamentals",
        "Basic networks knowledge"
    ],
    "learningObjectives": [
        "Present the different malware types and families",
        "Explain malware analysis workflow and static and dynamic techniques",
        "Introduce tools for automated static and dynamic malware analysis",
        "Perform malware detection and fingerprinting"
    ],
    "suggestedLearningObjLOS": [
        "6",
        "11",
        "12"
    ],
    "learningOutcomes": [
        "Perform automated static and dynamic malware analysis employing the Sisyfos malware analysis platform",
        "Understand sandbox analysis results, statically extracted features and threat intelligence reports as well as employ AI-based malware detection tools",
        "Detect and fingerprint malicious samples"
    ],
    "courseDesc": "An introduction to malware analysis and detection focusing on the basics of static and dynamic analysis. The students will learn the malware analysis methodology and workflow an perform automated malware analysis, detection and fingerprinting. The students will also have the opportunity to employ Sisyfos, a unique platform for malware analysis and learning.",
    "detailedContentOutlineTopic": [
        "Module 1: Introduction to malware, types of malware, infection points and mechanisms -- Quiz 1",
        "Module 2: Malware analysis methodology overview, Malware analysis tools and platforms, Introduction to Sisyfos -- Lab 1: Access to Sisyfos and introduction to the UI",
        "Module 3: Malware detection, fingerprinting and automated static analysis employing Sisyfos -- Lab 2: Static analysis of a malware sample using Sisyfos",
        "Module 4: Automated dynamic analysis employing Sisyfos -- Lab 3: Dynamic analysis of a malware sample using Sisyfos & Quiz 2"
    ],
    "reqPlatformsInfra": [
        "Sisyfos malware analysis platform"
    ],
    "langDeliveryMaterial": "English (translations available upon request)",
    "assessmentMethod": [
        "3 Lab hands-on exercises",
        "2 Quizzes"
    ],
    "certOffered": [
        "A certificate of successful course completion is offered to the participant for a combined (average) minimum score of ≥ 75 % over all exam methods (75% ≤ GPA)"
    ],
    "supportingMaterial": [
        "Slide deck (PDF)",
        "step‑by‑step lab guide",
        "sample software samples for analysis"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-02",
    "courseTitle": "Malware analysis, detection and threat intelligence",
    "authorOwner": "CTI",
    "contactPerson": [
        "Georgios Xenos",
        "Sotirios Giannopoulos"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "Sisyfos"
    ],
    "proficiencyLevel": "Intermediate",
    "eqfLevel": "6",
    "trainingType": [
        "Upskilling",
        "Reskilling"
    ],
    "deliveryMethod": "Online selfpaced with Online instructor‑led support",
    "durationIntensity": "24 hours",
    "expectedWeeklyTimeCommitment": "6",
    "traineeGroupSize": "5-20",
    "courseAvailability": "2026-05-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Use and apply CTI platforms and tools",
        "Identify threat actors TTPs and campaigns",
        "Conduct technical analysis and reporting",
        "Explain and present digital evidence in a simple, straightforward and easy to understand way"
    ],
    "ecsfRoles": [
        "Cyber Threat Intelligence Specialist",
        "Digital Forensics Investigator",
        "Cyber Incident Responder"
    ],
    "targetAudience": [
        "Public sector",
        "SMEs",
        "Security Operations Center"
    ],
    "prerequisitesEntryReq": [
        "Basic malware analysis knowledge",
        "Cybersecurity fundamentals",
        "Basic networks knowledge"
    ],
    "learningObjectives": [
        "Introduce the relevant tools for manual static and dynamic analysis",
        "Explain malware detection and classification methods focusing on YARA rules and custom rule generation",
        "Present the basics of threat intelligence extraction and sharing using MISP"
    ],
    "suggestedLearningObjLOS": [
        "6",
        "11",
        "12"
    ],
    "learningOutcomes": [
        "Perform manual deep static and sandbox malware analysis employing the Sisyfos malware analysis platform and external manual tools",
        "Understand network analysis tools and techniques",
        "Write and use custom YARA rules to detect and classify malware samples",
        "Extract threat intelligence from malware samples and share it using Threat Intelligence Sharing platforms such as MISP"
    ],
    "courseDesc": "An intermediate level course diving deep into malware analysis, using both static and dynamic analysis techniques. The course combines automated malware analysis using the Sisyfos platform with manual analysis of software samples. Additionally, the most popular malware detection mechanisms are presented with a focus on YARA rules and custom rule generation. Finally, students will learn how to extract threat intelligence from malware samples and share it employing MISP.",
    "detailedContentOutlineTopic": [
        "Module 1: Static analysis in depth -- Lab 1: Complete static analysis of a malware sample with Sisyfos and other tools",
        "Module 2: Dynamic analysis in depth, network traffic analysis -- Lab 2: Complete dynamic analysis of a malware sample with Sisyfos and other tools",
        "Module 3: Malware detection mechanisms, Machine Learning based systems, rule based detection and YARA/CAPA rules and other detection tools - Lab 3: YARA rules based detection",
        "Module 4: Threat Intelligence, correlation and sharing -- Lab 4: Threat Intelligence sharing"
    ],
    "reqPlatformsInfra": [
        "Sisyfos malware analysis platform",
        "MISP",
        "VM with YARA",
        "CAPA",
        "Procmon",
        "Wireshark"
    ],
    "langDeliveryMaterial": "English (translations available upon request)",
    "assessmentMethod": [
        "4 Lab hands-on exercises",
        "Final Quiz"
    ],
    "certOffered": [
        "An accreditation is offered to the participant for a combined (average) minimum score of ≥ 75 % over all exam methods"
    ],
    "supportingMaterial": [
        "Slide deck (PDF)",
        "step‑by‑step lab guide",
        "sample software samples for analysis"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-03",
    "courseTitle": "Reverse Engineering",
    "authorOwner": "CTI",
    "contactPerson": [
        "Georgios Xenos",
        "Sotirios Giannopoulos"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "Sisyfos"
    ],
    "proficiencyLevel": "Advanced",
    "eqfLevel": "6",
    "trainingType": [
        "Upskilling",
        "Reskilling"
    ],
    "deliveryMethod": "Online selfpaced with (optional) live instructor support",
    "durationIntensity": "20 hours",
    "expectedWeeklyTimeCommitment": "5",
    "traineeGroupSize": "5-20",
    "courseAvailability": "2026-05-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Decompose and analyse systems to identify weaknesses and ineffective controls",
        "Review codes assess their security",
        "Conduct technical analysis and reporting",
        "Identify and exploit vulnerabilities",
        "Develop codes, scripts and programmes",
        "Monitor new advancements in cybersecurity-related technologies"
    ],
    "ecsfRoles": [
        "Cybersecurity Researcher",
        "Digital Forensics Investigator",
        "Penetration Tester"
    ],
    "targetAudience": [
        "Public sector",
        "SMEs",
        "Security Operations Center"
    ],
    "prerequisitesEntryReq": [
        "Basic malware analysis knowledge",
        "Cybersecurity fundamentals",
        "Basic networks knowledge",
        "C programming language basics",
        "Assembly basics"
    ],
    "learningObjectives": [
        "Introduce reverse engineering and the core functionalities of Ghidra",
        "Explain the basics of dissasembled and decompiled code as well as the process of reverse engineering",
        "Present advanced techniques malware authors employ, such as obfuscation, packing and encryption",
        "Present the latest techniques for automated malware analysis using the Sisyfos malware analysis platform and AI"
    ],
    "suggestedLearningObjLOS": [
        "6",
        "11",
        "12"
    ],
    "learningOutcomes": [
        "Perform reverse engineering of software and malware samples using Ghidra",
        "Understand the principles disassembled and decompiled code",
        "Detect and analyze samples that employ advanced techniques such as obfuscation, packing and encryption",
        "Automate the process of reverse engineering by employing the Sisyfos malware analysis platform and advanced AI based techniques"
    ],
    "courseDesc": "An advanced course focusing on reverse engineering of software and malware samples. The course introduces reverse engineering employing the Ghidra reverse engineering suite and provides the students with a hands-on experience. Additionally, advanced techniques such as packing, encryption and antiRE will be explored along with automated reverse engineering with Sisyfos and AI. The students will also have the opportunity to reverse engineer real-world malware samples.",
    "detailedContentOutlineTopic": [
        "Module 1: Introduction to reverse engineering, overview of tools, introduction to Ghidra -- Lab 1: Installation of Ghidra, basic UI and simple crackme",
        "Module 2: PE file format and Assembly -- Lab 2: Advanced Ghidra capabilities and advanced crackmes",
        "Module 3: Packed samples, encryption and antiRE techniques -- Lab 3: Analysis of real malware: WannaCry part 1",
        "Module 4: Automated reverse engineering with Sisyfos, Ghidra headless mode, AI assisted malware analysis and Ghidra MCP -- Lab 4: Analysis of real malware: WannaCry part 2"
    ],
    "reqPlatformsInfra": [
        "Sisyfos malware analysis platform",
        "VM with Ghidra"
    ],
    "langDeliveryMaterial": "English (translations available upon request)",
    "assessmentMethod": [
        "4 Lab hands-on exercises",
        "Final Quiz"
    ],
    "certOffered": [
        "An accreditation is offered to the participant for a combined (average) minimum score of ≥ 75 % over all exam methods"
    ],
    "supportingMaterial": [
        "Slide deck (PDF)",
        "step‑by‑step lab guide",
        "sample software samples for analysis"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-04",
    "courseTitle": "OT/ ICS Security",
    "authorOwner": "CTI",
    "contactPerson": [
        "Yiannis Stamatiou",
        "Panagiotis Nastou",
        "Aristidis Ilias"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "LMS",
        "ICS/SCADA Simulation Environment"
    ],
    "proficiencyLevel": "Advanced",
    "eqfLevel": "6-7",
    "trainingType": [
        "Upskilling"
    ],
    "deliveryMethod": "Hybrid & Physical",
    "durationIntensity": "2 weeks (20 hours)",
    "expectedWeeklyTimeCommitment": "10",
    "traineeGroupSize": "20",
    "courseAvailability": "2026-12-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Identify threat actors TTPs and campaigns",
        "Conduct technical analysis and reporting",
        "Develop and communicate, detailed and reasoned investigation reports",
        "Manage and analyse log files",
        "Identify and solve cybersecurity-related issues",
        "Conduct ethical hacking"
    ],
    "ecsfRoles": [
        "Cyber Incident Responder",
        "Cyber Threat Intelligence Specialist",
        "Digital Forensics Investigator",
        "Chief Information Security Officer (CISO)",
        "Cybersecurity Educator",
        "Cybersecurity Implementer",
        "Cybersecurity Researcher",
        "Penetration Tester"
    ],
    "targetAudience": [
        "Malware analysts & reverse engineers",
        "OT/ICS security analysts & plant cybersecurity officers",
        "CERT/CSIRT personnel",
        "Threat intelligence researchers",
        "Red & blue team professionals supporting critical infrastructure"
    ],
    "prerequisitesEntryReq": [
        "Solid knowledge of cybersecurity fundamentals",
        "Good programming / scripting experience (preferably Python or C/C++)",
        "Understanding of networking and OS internals",
        "Prior exposure to malware analysis OR SOC/IR experience preferred"
    ],
    "learningObjectives": [
        "Understand architecture & constraints of industrial systems during malware execution",
        "Identify and classify ICS-targeted malware families (e.g., Stuxnet, CrashOverride, Triton, Industroyer, Havex, IRSTech, PipeDream)",
        "Perform binary and firmware reverse engineering using safe environments",
        "Conduct static, dynamic, and protocol-aware malware analysis",
        "Analyze tactics mapped to MITRE ATT&CK for ICS and EMBER taxonomy",
        "Extract IoCs, artifacts, and develop defensive/mitigation recommendations"
    ],
    "suggestedLearningObjLOS": [
        "1",
        "4",
        "6",
        "7",
        "11",
        "14",
        "20"
    ],
    "learningOutcomes": [
        "Reverse ICS binaries and firmware safely using isolated VMs and OT emulators",
        "Detect and analyze malicious code interacting with industrial protocols",
        "Identify persistence, lateral movement, and payload delivery mechanisms in OT networks",
        "Produce structured malware reports for SOC, TI and IR stakeholders",
        "Support defensive engineering, patching decisions and threat-driven safeguarding"
    ],
    "courseDesc": "A highly specialized training designed to develop capabilities in identifying, dissecting, analyzing, and understanding malware targeting OT/ICS, SCADA and IIoT systems. Using a controlled lab sandbox integrated with industrial digital-twin simulations, participants study advanced threat actor tactics, protocol abuse, firmware exploitation and binary reversing specific to safety-critical industrial environments.\n\nThe course balances theoretical threat intelligence with deep hands-on reversing and forensics of real-world ICS malware samples.",
    "detailedContentOutlineTopic": [
        "OT vs IT Security - Differences, challenges, safety-critical environments",
        "ICS/SCADA ecosystem (PLC, RTU, HMI, DCS, SIS)",
        "Overview of industrial communication protocols (Modbus, DNP3, OPC-UA, PROFINET)",
        "Safety, reliability and operational continuity as security requirements"
    ],
    "reqPlatformsInfra": [
        "Dedicated malware safe lab (isolated hypervisor sandbox)",
        "ICS/SCADA simulation suite or digital-twin",
        "Reverse-engineering toolset (Ghidra, IDA, Radare2, Frida, GDB, Firmwalker, Binwalk)",
        "Network packet analysis tools & ICS protocol analyzers"
    ],
    "langDeliveryMaterial": "English",
    "assessmentMethod": [
        "Lab-based malware case analysis (40%)",
        "Reverse engineering final project (35%)",
        "Knowledge quiz & defensive report (25%)"
    ],
    "certOffered": [
        "An accreditation is offered to the participant for a combined (average) minimum score of ≥ 75 % over all exam methods"
    ],
    "supportingMaterial": [
        "Slide deck (PDF)",
        "step‑by‑step lab guide",
        "sample software samples for analysis"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-05",
    "courseTitle": "Reverse Engineering / Malware Analysis",
    "authorOwner": "CTI",
    "contactPerson": [
        "Dimitrios Serpanos",
        "George Xenos",
        "Sotirios Gioannopoulos"
    ],
    "cadmusCourseURL": "",
    "platformCategory": "",
    "proficiencyLevel": "",
    "eqfLevel": "",
    "trainingType": "",
    "deliveryMethod": "",
    "durationIntensity": "",
    "expectedWeeklyTimeCommitment": "",
    "traineeGroupSize": "",
    "courseAvailability": "",
    "ecsfKeySkillsTarget": "",
    "ecsfRoles": "",
    "targetAudience": "",
    "prerequisitesEntryReq": "",
    "learningObjectives": "",
    "suggestedLearningObjLOS": "",
    "learningOutcomes": "",
    "courseDesc": "",
    "detailedContentOutlineTopic": "",
    "reqPlatformsInfra": "",
    "langDeliveryMaterial": "",
    "assessmentMethod": "",
    "certOffered": "",
    "supportingMaterial": "",
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-06",
    "courseTitle": "HW Hacking",
    "authorOwner": "CTI",
    "contactPerson": [
        "Yiannis Stamatiou",
        "Panagiotis Nastou",
        "Aristidis Ilias"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "LMS",
        "Malware / Reverse Engineering Track",
        "Hardware Exploitation Labs"
    ],
    "proficiencyLevel": "Intermediate",
    "eqfLevel": "5-6",
    "trainingType": [
        "Upskilling",
        "Cross-skilling"
    ],
    "deliveryMethod": "Hybrid & Physical",
    "durationIntensity": "≤20 hours",
    "expectedWeeklyTimeCommitment": "≤2 weeks",
    "traineeGroupSize": "20",
    "courseAvailability": "2027-03-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Identify and exploit vulnerabilities",
        "Conduct technical analysis and reporting",
        "Decompose and analyse systems to identify weaknesses and ineffective controls",
        "Develop code, scripts and programmes",
        "Review codes assess their security",
        "Use penetration testing tools effectively",
        "Collect information while preserving its integrity",
        "Identify, analyse and correlate cybersecurity events",
        "Identify threat actors TTPs and campaigns",
        "Model threats, actors and TTPs",
        "Think creatively and outside the box",
        "Work ethically and independently; not influenced and biased by internal or external actors",
        "Develop cybersecurity exercises including simulations using cyber range environments"
    ],
    "ecsfRoles": [
        "Chief Information Security Officer (CISO)",
        "Cyber Incident Responder",
        "Cyber Legal, Policy & Compliance Officer",
        "Cyber Threat Intelligence Specialist",
        "Cybersecurity Auditor",
        "Cybersecurity Educator",
        "Cybersecurity Implementer",
        "Cybersecurity Researcher",
        "Digital Forensics Investigator",
        "Penetration Tester"
    ],
    "targetAudience": [
        "Cybersecurity Analysts",
        "SOC & DFIR teams",
        "Penetration Testers / Red Team",
        "Embedded Systems & IoT Security Engineers",
        "National Cyber Defense trainees",
        "Malware Research candidates"
    ],
    "prerequisitesEntryReq": [
        "Strong understanding of OS fundamentals (Windows + Linux)",
        "Basic scripting (Python) & debugging familiarity",
        "Prior ethical hacking / SOC exposure recommended",
        "Laptop with virtualization support (VT-x / AMD-V)"
    ],
    "learningObjectives": [
        "Classify malware families and infection vectors",
        "Perform static & dynamic malware analysis in isolated environments",
        "Reverse engineer binaries using IDA, Ghidra, x64dbg",
        "Analyze obfuscation, packers, shellcode & persistence mechanisms",
        "Apply hardware exploitation on IoT / embedded platforms",
        "Bypass security protections such as ASLR, DEP, NX",
        "Generate actionable threat intelligence reporting"
    ],
    "suggestedLearningObjLOS": [
        "1",
        "4",
        "6",
        "7",
        "11",
        "12",
        "14",
        "20"
    ],
    "learningOutcomes": [
        "Analyze malware end-to-end from sample acquisition to reporting",
        "Reverse engineer proprietary protocols & binaries",
        "Exploit IoT/embedded hardware using JTAG, UART, SPI",
        "Build practical detection, mitigation & intelligence outputs"
    ],
    "courseDesc": "A high-intensity professional cybersecurity training track combining theoretical foundations with real-world hands-on labs in malware analysis, reverse engineering, exploit development and hardware hacking. The program includes sandbox-based labs, advanced RE workshops and physical hardware exercises.",
    "detailedContentOutlineTopic": [
        "Malware Evasion, Packers & Cryptors",
        "Exploit Development & Shellcode Fundamentals",
        "Linux & Windows Kernel-level Analysis",
        "Hardware Exploitation Labs (Firmware extraction, UART/JTAG probing, SDR intro & IoT debugging)",
        "Capstone: Full Kill-Chain Reverse Engineering Project"
    ],
    "reqPlatformsInfra": [
        "Virtual Lab Images (Win + Linux)",
        "Cuckoo Sandbox / REMnux",
        "Ghidra / IDA Free / x64dbg / Radare2",
        "Firmware analysis tools: Binwalk, QEMU",
        "Hardware Kits: ESP32, Raspberry Pi, Debugging boards",
        "Secure VPN-based cyber lab access"
    ],
    "langDeliveryMaterial": "English",
    "assessmentMethod": [
        "Quizzes per Module (20%)",
        "Hands-on Lab Reports (30%)",
        "Capstone Reverse Engineering Project (40%)",
        "Participation / Lab Discipline (10%)"
    ],
    "certOffered": [
        "An accreditation is offered to the participant for a combined (average) minimum score of ≥ 75 % over all exam methods"
    ],
    "supportingMaterial": [
        "Slides",
        "lab guides",
        "sample datasets",
        "malware repository",
        "VM images",
        "sample firmware and debugging scripts"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}

{
    "courseID": "CADMUS-MARE-07",
    "courseTitle": "MARE: Introduction to Purple Team Operations",
    "authorOwner": "CTI",
    "contactPerson": [
        "Ioanna Kantzavelou"
    ],
    "cadmusCourseURL": "",
    "platformCategory": [
        "Sisyfos",
        "LMS"
    ],
    "proficiencyLevel": "Intermediate",
    "eqfLevel": "7",
    "trainingType": [
        "Upskilling"
    ],
    "deliveryMethod": "Online self paced",
    "durationIntensity": "30 Hours total, 2 hours per day",
    "expectedWeeklyTimeCommitment": "10 hours",
    "traineeGroupSize": "5-50",
    "courseAvailability": "2026-10-01 00:00:00",
    "ecsfKeySkillsTarget": [
        "Decompose and analyse systems to identify weaknesses and ineffective controls",
        "Conduct technical analysis and reporting",
        "Collect, analyse and correlate cyber threat information originating from multiple sources",
        "Use and apply CTI platforms and tools",
        "Identify threat actors TTPs and campaigns"
    ],
    "ecsfRoles": [
        "Cybersecurity Researcher",
        "Cyber Threat Intelligence Specialist",
        "Digital Forensics Investigator"
    ],
    "targetAudience": [
        "Public sector",
        "large enterprises",
        "security operations centers",
        "incident response teams"
    ],
    "prerequisitesEntryReq": [
        "Familiarity with Linux/Windows command line",
        "programming (e.g. C/C++)",
        "basic assembly",
        "and networking fundamentals"
    ],
    "learningObjectives": [
        "Explain fundamentals of malware analysis and reverse engineering",
        "Perform static analysis of binaries (PE file structure, strings, imports/exports)",
        "Use disassembly tools (IDA Pro, Ghidra) to inspect code",
        "Execute malware safely in sandbox/VM (Cuckoo Sandbox) and analyze behavior",
        "Develop and apply YARA rules to identify malware artifacts"
    ],
    "suggestedLearningObjLOS": [
        "6",
        "11",
        "12"
    ],
    "learningOutcomes": [
        "Set up an isolated malware analysis lab with VMs and sandbox (Apply)",
        "Analyze a malicious executable using static techniques (strings, PEStudio) and dynamic tools (Wireshark for traffic) (Analyze)",
        "Use IDA/Ghidra to disassemble code and identify key functions (Apply)",
        "Create YARA signatures for given malware samples (Create)",
        "Write a brief report on a malware’s behavior and indicators (Evaluate/Create)"
    ],
    "courseDesc": "Malware is a growing threat to organizations. This course provides hands-on training in analyzing malware by reverse engineering. Students will learn to examine malware in a controlled environment using both static (disassembly) and dynamic (sandbox execution) techniques. Key tools include IDA Pro and Ghidra for disassembly, PEStudio for file inspection, Process Monitor for runtime behavior, and Cuckoo Sandbox (an open-source automated malware analysis system) for capturing execution logs. Participants will collect IOCs (network indicators, file hashes, registry changes) and write YARA detection rules",
    "detailedContentOutlineTopic": [
        "Module 1 - Introduction",
        "Module 2 - Static Analysis",
        "Module 3 - Dynamic Analysis",
        "Module 4 - Working with Direct and Indirect calls",
        "Module 5 - Basic Detection Mechanisms",
        "Module 6 - Data Exfiltration",
        "Module 7 - Adversary Emulation",
        "Module 8 - Exam"
    ],
    "reqPlatformsInfra": [
        "Kali Linux VM",
        "Windows 10 VM",
        "Windows 10 VM",
        "Ubuntu VM"
    ],
    "langDeliveryMaterial": "English",
    "assessmentMethod": [
        "Quizzes",
        "hands-on exercises"
    ],
    "certOffered": [
        "Certificate upon achieving ≥70 % combined score"
    ],
    "supportingMaterial": [
        "Slide deck (PDF)",
        "step-by-step lab guide",
        "sample malware datasets",
        "IDA/Ghidra cheat sheets",
        "YARA rule examples"
    ],
    "ectsCredsEquivalent": "",
    "skillBasedMicroCredECTSCred": "",
    "additionalNotesComments": "Aligned with ECSF skill areas (e.g., DET.ANA, MAL.REV). Content can be updated with emerging malware cases; threat-intel feeds (MISP) can simulate intel sharing",
    "repoPath": "",
    "linkType": "",
    "digitalTechnology": "AI, cybersecurity, IoT, big data, blockchain, robotics, augmented reality, virtual reality, high performance computing, machine learning, cloud computing, 5G, telecommunications, WiFi, quantum computing, software, mobile application development, web development, microelectronics, digital skills, digital transformation, robotic process automation, edge computing, Cyber Skills Academy.",
    "endDate": "It is calculated indirectly from the start and duration.",
    "geographicScope": "European Union",
    "isThisCourseFree": "Yes",
    "typeOfFunding": "",
    "typeOfTrainingRecord": "",
    "linkeText": "",
    "fieldOfEducationandTraining": "",
    "permissionToDistributeRawEducationalMaterial": ""
}