TRAINING COURSES
Blue and Red Team Training Courses
BlackStorm Security offers extensive and detailed training on the most relevant topics in security. Each course draws on extensive experience solving real cases and critical problems.

All courses can be delivered either as Instructor-Led Trainings (ILTs) or ONLINE, and their tables of contents may change at any time, with topics inserted, changed or removed without prior notice.
ALL COURSES AVAILABLE!
MALICIOUS DOCUMENT ANALYSIS
Information: 16 hours -- Basic
Introduction
OLE/PDF Structure and Malicious PDF Analysis
Static and Dynamic Microsoft Office Document Analysis
Analysis of EML, MSI, CHM and other formats
MALWARE ANALYSIS 1
Information: 64 hours -- Intermediate
Introduction, Lab Configuration and PE Format Overview
Sandbox
Basic Analysis
Yara
Stack Review and Windows API
Networking API
DLL Concepts
Code Injection
Hooking and COM
Disassembling
Debugging
Unpacking
Malware Analysis
MALWARE ANALYSIS 2
Information: 80 hours -- Intermediate to Advanced
Lab Setup and Reversing Concepts
Specialized Sandbox and Unpacking Native Binary
Special Case of Unpacking and x64 Malware
Anti-Forensics Techniques
Crypto Fundamentals, Code Injection and Hooking Review
Decoding strings, Resolving APIs and Extracting C2 Configuration
Introduction to Shellcode Analysis and Golang Reversing
.NET Malware Concepts, Unpacking and .NET Malware Analysis
MALWARE ANALYSIS 3
Information: 96 hours -- Advanced
Key Reversing Concepts, Lab Setup and Native Binary Analysis Review
FLIRT Signatures, IDA SDK, IDC/IDAPython and Writing IDA Plugins
Shellcode Analysis in Depth, Analyzing Python, VBS, PowerShell and JavaScript
Detailed .NET Malware Analysis, Ransomware Analysis and C++ Reversing
Introduction to Kernel Drivers and Kernel Driver Reversing
C WINDOWS SYSTEM PROGRAMMING 1
Information: 64 hours -- Intermediate
Introduction
Basics
Kernel Objects and other artifacts
Processes
Thread Foundation
Synchronization 1
Synchronization 2
Synchronization 3
Thread Pools
Synchronous I/O
Memory
MEMORY ANALYSIS 1
Information: 64 hours -- Intermediate
Introduction
Memory Concepts
Making a Lab
Windows 10 Forensics Challenges and Volatility 3
Memory Acquisition and Image Management
Windows Objects and Kernel Pool
Volshell
Processes
Environment Variables, DLLs and Registry
Code Injection and Hooking
Network Investigation
Event Logs
Windows Services
Kernel Modules
Real Cases
GUI Threads
Disks and Timelines
NETWORK THREAT ANALYSIS
Information: 16 hours -- Basic to Intermediate
Introduction and Lab Setup
Threat Detection
Flow Analysis and Wireshark Foundations
Intercepting and Decrypting Secure Communications
Traffic Analysis
Supplemental Network Evidence
Hunting, Analyzing and Decoding C2
Case Analysis
WINDOWS EXPLOIT DEVELOPMENT I
Information: 64 hours -- Basic to Intermediate
Lab Setup and Windows Protections
Simple Buffer Overflow and SEH Exploitation
DEP Exploitation, EggHunter and EggHunter Subtypes
Exploitation Challenges and ROP Exploitation
ROP Examples and Restrictions
WINDOWS INTERNALS 1
Information: 64 hours -- Intermediate
General Concepts and Internal Architecture
Processes and Threads
Memory Management: heap, stack and mechanisms
I/O and Device Drivers
Security Internals and Mitigations
WINDOWS INTERNALS 2
Information: 64 hours -- Intermediate
System Mechanisms: hardware, dispatching, synchronization, APC, WNF and other mechanisms
Virtualization: hypervisor internals, VBS, Secure Kernel and other mechanisms
Registry, Windows Services, WMI, ETW and related concepts
Caching, NTFS, Encrypted File System and other file systems
Booting and Shutdown Process
KERNEL DRIVER PROGRAMMING
Information: 120 hours -- Advanced
Introduction, Lab Setup and Kernel Driver Development Concepts
KIRQL, Exceptions, Memory Management and Objects
Writing a Basic Device Driver
Windows Kernel Driver Debugging
IRQL, DPC, APC and Synchronization Concepts
IRQ, Dispatching and User Buffers
Process, Objects, Notification and Callbacks
File System Mini-Filter Driver
Filter Drivers, WFP and related topics
Miscellaneous
CSSLP PREPARATORY COURSE
Information: 40 hours -- Basic
Secure Software Testing and Secure Software Lifecycle Management
Secure Software Concepts, Supply Chain and Secure Software Requirements
Software Acquisition, Deployment, Operations and Maintenance
Implementation of Secure Software Programming and Design
ASSEMBLY x86/x64
Information: 64 hours -- Basic
Introduction and Lab Setup
x86/x64 Registers and Basic Operations
x86/x64 Stack and Functions
Arrays and System Calls
I/O Operations, Structs and other objects
C WINDOWS SYSTEM PROGRAMMING 2
Information: 64 hours -- Intermediate
Mapped Files
Dynamic-Link Libraries (DLLs)
Registry
Inter-Process Communication (IPC)
Services
COM
Code Injection and Hooking
Networking
Security
Asynchronous I/O
Exceptions
C++ PROGRAMMING 1
Information: 64 hours -- Intermediate
C++ Foundations
Strings and Associated Classes
OOP Basics
Memory, Classes and Objects
Inheritance, References, Types and Casts
Introduction to Templates
Exceptions, Errors and Miscellaneous
C# PROGRAMMING 1 and 2
Information: 128 hours -- Intermediate
Introduction to .NET Core
First Applications
Main .NET Core Program Components
C# OOP Concepts
Exceptions and Interfaces
Foundation on Collections and Generics
Extension Methods, Anonymous Types and related topics
Delegates, Lambda and Events
LINQ and Processes
Multithread and Async
Class Libraries
Reflection and DLR
CIL
File IO and Serialization
ANDROID REVERSING 1
Information: 64 hours -- Intermediate
Introduction and Lab Setup
Android Concepts
Android Operations
Android Static Analysis and Dynamic Analysis
Network Analysis and Mobile Frameworks
ARM Assembly Review
Android Malware Analysis
iOS REVERSING 1
Information: 64 hours -- Intermediate
Introduction and Lab Setup
iOS Concepts
iOS Mobile Operations
iOS Static and Dynamic Analysis
Network Analysis and ARM Assembly Review
iOS Malware Analysis
C++ PROGRAMMING 2
Information: 64 hours -- Intermediate
Standard Libraries: part 1
Containers and Iterators
Standard Libraries: part 2
Strings and associated operations
Library Tools
Standard Libraries: part 3
Templates
Multithreads
INCIDENT RESPONSE AND THREAT HUNTING 1
Information: 96 hours -- Basic to Intermediate
Intrusion Detection Systems, Elasticsearch 8.x and Elasticsearch Integrations.
Sandbox, Integrations, Wazuh and Arkime.
Command Line IR, Registry Investigation and Browser Forensics.
E-mail Threat Hunting, Windows Threat Hunting and Windows Security.
Adversary Strategies, Evidence Acquisition and Incident Response.
Windows Incident Response, Threat Hunting Information and Yara.
Attack Overview, Disk/File System Forensic Analysis and Windows Logging.
Managing Sysmon, Lateral Movement and Forensic Timeline.
Malware Attack Simulation.
INCIDENT RESPONSE AND THREAT HUNTING 2
Information: 80 hours -- Intermediate
Introduction
Environment Setup
Memory Threat Hunting on Windows: Detailed Approach
Memory Threat Hunting on Linux: Detailed Approach
USB Forensics
Windows Application Forensics
Linux Forensics
Miscellaneous
Practical Exercises (cases)
SECURE CODE
Information: 64 hours -- Intermediate
Introduction
Secure Code Life Cycle
Code protections
Secure Code Problems: pointers, leaks, race condition and others
Web Application: main vulnerabilities
Memory Management: native and managed code
Windows/Linux Protections, Buffer Overflow, Fuzzing and Platform Protections
Static/Dynamic Analysis using Frameworks, Anti-Reversing and Obfuscation Techniques
Synchronization and Parallelism: techniques, issues and mitigations