Malware and Exploit Essentials

This course is a mandatory  e-learning module of the residential Malware and Exploit Essentials course. The aim of this course to provide knowledge about technical insights for cyber defenders into techniques that malware uses to exploit vulnerabilities and to intrude into systems. Based on an introduction to OS features and analysis techniques, the use of debuggers as the most important tools for exploit research and methods for vulnerability detection like fuzzing will be discussed and this way establish a common basis of knowledge for the students attending  the residential part of the course, where the students who earned the certificate for this module can continue their studies with practical scenarios and examples.

This course is open to all individuals from Sponsoring Nations, Contributing Participants and NATO; and it can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.

Learning Objectives

Malware module:

  • Define malware and identify it’s different types
  • Identify the symptoms of malware infection as well as the most common attack vectors
  • Explain the structure of the Portable Executable file format
  • Differentiate between static and dynamic malware analysis
  • Describe the most common open-source programs used by investigators when performing malware analysis
  • Differentiate between obfuscated and packed malware and identify packed excutables

Exploit module:

  • Describe the meaning of an exploit
  • Describe the basic concept of memory in a modern operating system
  • Compile executable files in Linux
  • Follow the basic instructions in assembly language
  • Explain the basic functionalities of a debugger for exploit development

Target Audience

  • Technical staff of CERTs, IT departments or other governmental or military entities being involved in technical IT security or cyber defence.


  • Good work/administration experience in the Linux and Windows environments, especially command line.
  • Basic understanding of assembler and higher programming languages (optional).
  • Programming experience in assembler, C(++) or PYTHON (optional).
  • English language skill comparable to STANAG 6001,


The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘ADL 383 Malware and Exploit Essentials’ course listing.

Module certificate:

It is necessary when applying for the residential part of the course and you can download it once you successfully finish the final test of the module. When you register for the residential part of the course please email it to: [email protected]