{"product_id":"a-practical-malware-analysis-threat-hunting-with-memory-forensics-endpoint-telemetry-ai-driven-hunting-monnappa-k-a-sajan-shetty-dcsg2026-copy","title":"Analyze, Detect \u0026 Hunt: Hands-On Malware Analysis, Memory Forensics \u0026 AI-Driven Threat Hunting with Endpoint Telemetry - Monnappa K A \u0026 Sajan Shetty - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Analyze, Detect \u0026amp; Hunt: Hands-On Malware Analysis, Memory Forensics \u0026amp; AI-Driven Threat Hunting with Endpoint Telemetry\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Monnappa K A and Sajan Shetty\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eDates\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8:00 am to 5:00 pm \u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost: \u003c\/strong\u003e$2,250 (USD)\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eThis 2-day intensive, hands-on training teaches the concepts, tools, and techniques required to analyze, investigate, and hunt malware by combining four powerful approaches: malware analysis, reverse engineering, memory forensics, and endpoint telemetry-based threat hunting. 
The course begins with the foundations of malware analysis, Windows internals, and memory forensics, before moving into advanced concepts of malware investigation and hunting adversary techniques.\u003c\/p\u003e\n\u003cp\u003eThrough real-world labs and scenarios, students will perform static, dynamic, code, and memory analysis; investigate real malware samples and infected memory images (crimeware, APT malware, rootkits, fileless threats); and analyze Sysmon\/endpoint telemetry to detect persistence, lateral movement, and stealth techniques such as LOLBins abuse. By studying these behaviors, participants will gain a deep understanding of the latest adversary tactics, techniques, and procedures (TTPs) and apply this knowledge directly in investigative workflows.\u003c\/p\u003e\n\u003cp\u003eWhat makes this training unique and future-ready is the introduction to the concept of AI-powered autonomous hunting with the Garuda Threat Hunting Framework. By integrating Garuda with Large Language Models (LLMs), participants will see how AI can accelerate event triaging, extract IOCs, map activity to MITRE ATT\u0026amp;CK, and even generate automated hunting reports — enabling analysts to hunt unknown threats without relying on traditional IOCs, signatures, or patterns. This demonstrates how AI augments human expertise and strengthens modern SOC operations. (AI hunting preview: https:\/\/youtu.be\/Sk_c5w1CEiY)\u003c\/p\u003e\n\u003cp\u003eBy the end of the training, attendees will be fully equipped to detect, analyze, investigate, hunt, and respond to sophisticated cyber threats — combining hands-on technical expertise with AI-assisted hunting capabilities. 
These are essential skills for SOC analysts, incident responders, malware analysts, and threat hunters who want to stay ahead of today’s evolving threats.\u003c\/p\u003e\n\u003cp\u003eWhether you are a beginner building your foundation or an experienced professional refining advanced skills, this training delivers the knowledge, tools, and practical labs you need to succeed.\u003c\/p\u003e\n\u003cp\u003eWhat’s included: Malware samples, infected memory images, course material, lab solution manual, video demos, custom scripts (including the Garuda Threat Hunting Framework with additional modules), and a preconfigured Linux VM for hands-on practice.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eMalware analysis, memory forensics, and endpoint telemetry-based hunting are among the most powerful investigative techniques used in reverse engineering, digital forensics, threat hunting, and incident response. With adversaries becoming increasingly sophisticated — deploying fileless malware, rootkits, and stealthy techniques to compromise critical infrastructures, enterprises, and government organizations — the ability to detect, investigate, and respond to such intrusions has become an essential skill for every cybersecurity professional.\u003c\/p\u003e\n\u003cp\u003eThis hands-on training provides a complete practical approach, uniquely combining malware analysis, reverse engineering, memory forensics, and endpoint telemetry-based threat hunting into a single program. 
Participants will begin with the foundations of malware analysis, Windows internals, reverse engineering, and memory forensics, before progressing into advanced investigations such as rootkits, fileless malware, and stealthy adversary techniques that often bypass traditional defenses.\u003c\/p\u003e\n\u003cp\u003eThroughout the training, attendees will learn to:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003e Analyze real-world malware samples using static, dynamic, code, and memory analysis — gaining skills directly applicable to real SOC and IR investigations.\u003c\/li\u003e\n\u003cli\u003eInvestigate infected memory images (crimeware, APT malware, fileless malware, rootkits) using the Volatility memory forensics framework — a must-have capability for modern forensic investigations.\u003c\/li\u003e\n\u003cli\u003eCorrelate Sysmon and endpoint telemetry with forensic artifacts to uncover persistence, credential theft, lateral movement, and stealth techniques such as Living off the Land (LOLBins) abuse — techniques adversaries use daily.\u003c\/li\u003e\n\u003cli\u003eLeverage the Garuda Threat Hunting Framework to filter, prioritize, and triage Sysmon events for more effective and efficient threat hunting.\u003c\/li\u003e\n\u003cli\u003eExperience AI-powered autonomous hunting by integrating Garuda with Large Language Models (LLMs) to accelerate event triaging, extract IOCs, map activity to MITRE ATT\u0026amp;CK, and generate automated reports — enabling you to hunt unknown threats without relying on IOCs, signatures, or patterns\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eTo ensure a completely practical learning experience, each module includes scenario-driven labs and demonstrations. 
Attendees will:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eBuild and operate a safe, isolated malware analysis lab.\u003c\/li\u003e\n\u003cli\u003eAnalyze network and host-based indicators (IOCs).\u003c\/li\u003e\n\u003cli\u003eInvestigate code injection, hooking, and persistence techniques used by adversaries.\u003c\/li\u003e\n\u003cli\u003eIncorporate malware analysis and memory forensics into sandbox automation workflows.\u003c\/li\u003e\n\u003cli\u003ePractice investigative workflows used in real-world SOC and IR environments.\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eThis ensures attendees don’t just learn concepts — they apply them exactly as they would in live investigations.\u003c\/p\u003e\n\u003cp\u003eBy the end of the course, participants will have the skills to:\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eUnderstand how malware and Windows internals work.\u003c\/li\u003e\n\u003cli\u003eCreate safe and isolated environments for malware analysis.\u003c\/li\u003e\n\u003cli\u003ePerform static, dynamic, and code-level malware analysis.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eDebug malware with IDA Pro and x64dbg.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eInvestigate downloaders, droppers, keyloggers, backdoors, and fileless malware.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eDetect advanced persistence, process injection, and rootkit techniques.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eAcquire and analyze memory images using Volatility.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eIncorporate memory forensics into reverse engineering and sandboxing workflows.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eHunt malware using endpoint telemetry and Sysmon logs.\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eLeverage the Garuda Framework and AI-powered hunting to detect stealthy adversary behavior and automate investigation steps.\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eThis course is suitable for both beginners and 
experienced professionals. Beginners will build a strong foundation in malware analysis and forensics, while seasoned professionals will sharpen their skills in advanced threat detection, incident response, and AI-assisted hunting.\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cmeta charset=\"utf-8\"\u003e \u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cmeta charset=\"utf-8\"\u003e\u003cspan\u003eThe following topics will be covered in this course:\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDay 1:\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eIntroduction to Malware Analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - What is Malware\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - What malware does\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Why malware analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Types of malware analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Setting up an isolated lab environment\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eStatic Analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Fingerprinting the malware\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Extracting strings\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Determining file obfuscation\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Pattern matching using YARA\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Fuzzy hashing \u0026amp; comparison\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding PE file characteristics\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Disassembly\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise involves analyzing a real malware sample\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e \u003c\/span\u003e\u003cbr\u003e\u003cspan\u003eDynamic Analysis\/Behavioural Analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - 
Dynamic Analysis Steps\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding Dynamic Analysis tools\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Simulating services\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Performing Dynamic Analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Monitoring process, filesystem, registry, and network activity\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Determining the Indicators of Compromise (host and network indicators)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Demo - Showing the static \u0026amp; dynamic analysis of a real malware sample\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise involves analyzing a real malware sample\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eAutomating Malware Analysis (Sandbox)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Custom sandbox overview\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - How the sandbox works\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Sandbox features\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Demo - Analyzing malware in the custom sandbox\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eCode Analysis\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Code analysis overview\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Disassemblers \u0026amp; debuggers\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Code analysis tools\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Basics of IDA Pro\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Basics of OllyDbg\/x64dbg\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding the API calls\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Reversing malware functionalities (downloader, dropper, keylogger, code injection, HTTP backdoor)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise involves analyzing a real malware sample\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eIntroduction 
to Memory Forensics\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - What is Memory Forensics\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Why Memory Forensics\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Steps in Memory Forensics\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Memory acquisition and tools\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Acquiring memory from a physical machine\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Acquiring memory from a virtual machine\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on exercise involves acquiring memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eVolatility Overview\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Introduction to the Volatility Advanced Memory Forensics Framework\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Volatility installation\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Volatility basic commands\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Determining the profile\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Volatility help options\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Running plugins\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"text-decoration: underline;\"\u003eDay 2:\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating Processes\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding process internals\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process (EPROCESS) structure\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process organization\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process enumeration by walking the doubly-linked list\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process relationships (parent-child relationship)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding DKOM attacks\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process enumeration using pool tag 
scanning\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Volatility plugins to enumerate processes\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Identifying malicious processes\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating Process Handles \u0026amp; Registry\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Objects and handles overview\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Enumerating process handles using Volatility\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding mutexes\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Detecting malware presence using the mutex\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding the Registry\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Investigating common registry keys using Volatility\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Detecting malware persistence\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating Network Activities\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding malware network activities\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Volatility network plugins\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Investigating network connections\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Investigating sockets\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating Process Memory\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Process memory internals\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Listing DLLs using 
Volatility\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Identifying hidden DLLs\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Dumping malicious executables from memory\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Dumping DLLs from memory\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Scanning memory for patterns (yarascan)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating User-Mode Rootkits \u0026amp; Fileless Malware\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Code injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Types of code injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Remote DLL injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Remote code injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Reflective DLL injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hollow process injection\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Demo - Case study\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eInvestigating Kernel-Mode Rootkits\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding rootkits\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding function call traversal in Windows\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Levels of hooking\/modification on Windows\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Kernel Volatility plugins\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Hands-on lab exercise (scenario-based) involves investigating malware-infected memory\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eThreat Hunting Using Event Triaging\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Introduction to 
Sysmon\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Understanding Sysmon events\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Introduction to the Garuda Threat Hunting Framework\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Filtering Sysmon events using Garuda\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Living off the Land attacks\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Demo: Hunting LOLBins (Living off the Land binaries) and multi-staged attacks\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eAI-Powered Threat Hunting\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Introduction to AI in threat detection \u0026amp; hunting\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Introduction to MCP (Model Context Protocol)\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Exposing tools to the LLM\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Integrating the Garuda Framework with an AI application\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - How Garuda + AI can triage events, identify IOCs, and map events to ATT\u0026amp;CK techniques\u003c\/span\u003e\u003cbr\u003e\u003cspan\u003e - Demo: AI-powered autonomous threat hunting to hunt for complex attack patterns\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll Levels - This course starts with the basics and then gradually progresses into more advanced concepts, so it is suitable for beginner, intermediate, and advanced students.\u003cbr\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli dir=\"ltr\"\u003e\n\u003cspan\u003eShould be familiar with using Windows\/Linux\u003cbr\u003e\u003c\/span\u003e\n\u003c\/li\u003e\n\u003cli 
dir=\"ltr\"\u003e\u003cspan\u003eShould have an understanding of basic programming concepts, while programming experience is not mandatory.\u003c\/span\u003e\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong style=\"font-family: -apple-system, BlinkMacSystemFont, 'San Francisco', 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif; font-size: 0.875rem;\"\u003eWhat Students Should Bring:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eLaptop with a minimum of 8GB RAM and 60GB free hard disk space\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eLaptop with USB ports - lab samples and custom Linux VM will be shared via USB sticks\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eVMware Workstation or VMware Fusion (even trial versions can be used).\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eWindows Operating system (preferably 64-bit versions of Windows 11 or Windows 10) installed inside VMware Workstation\/Fusion. Students must have full administrator access to the Windows operating system installed inside the VMware Workstation\/Fusion.\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003eNote: VMware Player or VirtualBox is not suitable for this training. 
Apple systems using the M1 processor line cannot perform the necessary virtualization functionality; therefore, they are not suitable for this course.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eCourse material (PDF copy)\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eLab solution material\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eVideos used in the course\u003c\/li\u003e\n\u003cli\u003eMalware samples used in the course\/labs\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eMemory images used in the course\/labs\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eLinux VM (to be opened with VMware Workstation\/Fusion) containing the necessary tools and samples\u003cbr\u003e\n\u003c\/li\u003e\n\u003cli\u003eCustom tools\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eMonnappa K A\u003c\/strong\u003e is a security professional with over 17 years of experience in incident response, investigation, and threat hunting. He previously worked for Microsoft and Cisco as a threat hunter, mainly focusing on the investigation and research of advanced cyberattacks. He is the author of the best-selling book Learning Malware Analysis, and serves on the review board for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Garuda Threat Hunting Framework and the Limon Linux sandbox, and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community Cysinfo (https:\/\/www.cysinfo.com). 
Monnappa has trained thousands of security professionals globally through his highly acclaimed hands-on training sessions on malware analysis, reverse engineering, memory forensics, and threat hunting at major conferences such as Black Hat (USA, Europe, Asia, MEA), DEFCON, BruCON, HITB, FIRST (Forum of Incident Response and Security Teams), SEC-T, OPCDE, and the 4SICS-SCADA\/ICS cybersecurity summit. He has also presented at numerous security conferences, including Black Hat, DEFCON, FIRST, DSCI, National Cyber Defence Summit, Bharat NCX, and Cysinfo meetings, covering topics related to threat hunting, memory forensics, malware analysis, and reverse engineering. In addition, he has authored articles for eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http:\/\/www.youtube.com\/c\/MonnappaKA), and you can read his blog posts at https:\/\/cysinfo.com\u003cbr\u003eTwitter: @monnappa22\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eSajan Shetty\u003c\/strong\u003e is a cyber security enthusiast. He is an active member of Cysinfo, an open cyber security community (https:\/\/www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cyber security professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat, DEFCON, BruCON and HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. 
He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. 
No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. 
Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47689048391898,"sku":null,"price":2250.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/Monnappa_updated_image.png?v=1776289220","url":"https:\/\/training.defcon.org\/products\/a-practical-malware-analysis-threat-hunting-with-memory-forensics-endpoint-telemetry-ai-driven-hunting-monnappa-k-a-sajan-shetty-dcsg2026-copy","provider":"defcontrainings","version":"1.0","type":"link"}