Malware Analysis

Malware Analysis and Reverse Engineering

Windows malware triage, behavioural analysis, reverse engineering, debugging, unpacking, shellcode, detection and reporting.

Expert 64 Hours16 Modules16 LabsKUB-MARE-64
Overview

A 70% hands-on programme with one guided investigation per module. You build an isolated lab and work through the full analysis workflow — static triage, behavioural and network analysis, PE analysis, Ghidra, x64dbg, unpacking, shellcode, malicious documents, anti-analysis and injection — ending in YARA detections, ATT&CK mapping and a complete report.

64Hours
16Modules
16Labs
CertOn Compl.
Curriculum
16 Modules · 16 Labs · 64 Hours
Foundation & Fundamentals

Malware categories, infection chains and the static/dynamic/code-analysis approaches.

8 Topics1 Lab

Building and verifying an isolated, network-controlled analysis environment.

8 Topics1 Lab

How malware executes, persists and communicates on Windows.

7 Topics1 Lab

Reading and tracing basic malware-relevant assembly routines.

8 Topics1 Lab
Beginner

Producing a static triage profile without executing the sample.

8 Topics1 Lab

Executing a controlled sample and building a host-behaviour timeline.

8 Topics1 Lab

Reconstructing malware communication and extracting network indicators.

7 Topics1 Lab
Intermediate

Inspecting PE structures and execution-relevant anomalies.

8 Topics1 Lab

Reverse engineering important functions and documenting malware logic.

7 Topics1 Lab

Controlling malware execution and verifying hidden functionality.

8 Topics1 Lab
Advanced

Recovering an analysable executable from a packed sample.

7 Topics1 Lab

Extracting and explaining embedded shellcode behaviour.

6 Topics1 Lab

Analysing a document or script infection chain and recovering its payload.

8 Topics1 Lab

Neutralising anti-analysis controls and tracing an injection workflow.

8 Topics1 Lab
Expert

Creating detection content and a stakeholder-ready report.

7 Topics1 Lab

Completing and defending an end-to-end malware-analysis investigation.

8 Topics1 Lab
Who It's For

SOC Analysts

Malware triage, alert validation and behavioural investigation of suspicious files.

Incident Responders

Investigating malicious files and compromised systems during and after incidents.

DFIR & Threat Intel Analysts

Malware artefact identification, capability analysis and behavioural mapping.

Researchers & Pentesters

Reverse engineering, payload behaviour analysis and defensive detection awareness.

Outcomes & Takeaways
Build and validate an isolated malware-analysis lab
Perform static triage without executing the sample
Analyse behaviour via process, filesystem and registry monitoring
Investigate network communication and extract indicators
Reverse engineer functions with Ghidra and x64dbg
Identify and unpack protected samples and extract shellcode
Analyse malicious documents and defeat anti-analysis and injection
Create YARA detections, map to ATT&CK and report professionally
Course Benefits

70% hands-on

Practical-heavy delivery — one guided investigation per module in an isolated lab.

Industry toolchain

FLARE-VM, REMnux, Ghidra, x64dbg, PEStudio, YARA, FakeNet-NG and more.

Detection & ATT&CK

Turn analysis into YARA rules and MITRE ATT&CK mappings, not just findings.

Report-ready

Produce professional technical and executive malware-analysis reports.

Interested in this course? Our team will reach out within 1 business day.

Enquire Now