Practical Malware Analysis & R.E.
Dissecting malicious software. Assembly code, debuggers, and reverse engineering.
Curriculum
20 Modules
Safety First: The Lab
Setting up a safe, isolated environment for detonating malware.
Basic Static Analysis
Using Strings, PEStudio, and VirusTotal to triage samples.
Virtual Machines & Sandboxes
Configuring FLARE VM, REMnux, and Cuckoo Sandbox.
Basic Dynamic Analysis
Detonating malware while watching Process Monitor and Wireshark.
x86 Architecture & Assembly
Understanding registers (EAX, EBX), the stack, and opcodes.
Advanced Static Analysis (Disassembly)
Reading logic flow in IDA Pro and Ghidra.
Advanced Dynamic Analysis (Debugging)
Stepping through code with x64dbg. Breakpoints and patching.
Analyzing Downloaders & Droppers
How malware installs itself and fetches the second stage payload.
Malware Persistence
Analyzing Registry Run Keys, Services, and Scheduled Tasks.
Code Injection & Hooking
Process Hollowing, DLL Injection, and API Hooking techniques.
Obfuscation & Packing
Identifying packed executables (UPX) and unpacking them manually.
Analyzing Ransomware
Understanding encryption routines and shadow copy deletion.
Analyzing Keyloggers & Spyware
Finding the hook procedure and where stolen data is sent.
Network Signatures
Extracting C2 domains and User-Agents for detection rules.
Anti-Reverse Engineering
Defeating IsDebuggerPresent() and VM detection checks.
Mobile Malware (Android APKs)
Decompiling DEX bytecode back to Java with JADX, and reading Smali disassembly.
Rootkits
User-mode vs Kernel-mode rootkits. Hooking the SSDT.
BIOS/UEFI Malware
Firmware implants whose persistence survives a hard drive format and OS reinstall.
Document Malware (VBA Macros)
Analyzing malicious Word/Excel docs (olevba).
Capstone: Reverse Engineering a RAT
Full analysis of a Remote Access Trojan sample.