TECHNICAL TRAINING UNIT

Malware Reverse Engineering

DURATION: 12H
STATUS: ACTIVE

Overview

Malware Reverse Engineering teaches analysts how to examine suspicious files safely, understand what they do, and translate technical observations into useful defensive intelligence. The course covers both static and dynamic analysis, with a careful focus on lab isolation, repeatable workflow, and evidence-driven conclusions.

You will learn how malware interacts with files, processes, memory, registry or configuration stores, network services, and command-and-control infrastructure. The course avoids sensational treatment of malware and instead treats analysis as disciplined investigative work that supports incident response, detection engineering, threat intelligence, and secure operations.

What you'll learn

  • How to build and operate an isolated malware analysis lab
  • Static triage using hashes, strings, metadata, imports, and packer indicators
  • Dynamic behavior analysis with process, file system, registry, and network monitoring
  • Basic disassembly concepts and how to reason about program flow
  • Common malware capabilities such as persistence, credential theft, evasion, and command-and-control
  • How to extract indicators of compromise and write useful analyst notes
  • How malware analysis supports detection, response, and remediation

Prerequisites

Participants should understand operating system basics, networking fundamentals, and command-line usage. Familiarity with programming concepts, Windows internals, or assembly language is helpful but not mandatory. A responsible attitude toward handling live malware samples is required.

Outcomes

By the end of the course, you will be able to safely triage suspicious samples, identify key behaviors, separate speculation from evidence, and communicate findings in a way that helps defenders act. You will have a practical foundation for incident response analysis, detection engineering, and deeper reverse engineering study.