Malware Analysis and Reverse Engineering
Windows malware triage, behavioural analysis, reverse engineering, debugging, unpacking, shellcode, detection and reporting.
A 70% hands-on programme with one guided investigation per module. You build an isolated lab and work through the full analysis workflow — static triage, behavioural and network analysis, PE analysis, Ghidra, x64dbg, unpacking, shellcode, malicious documents, anti-analysis and injection — ending in YARA detections, ATT&CK mapping and a complete report.
Malware categories, infection chains and the static/dynamic/code-analysis approaches.
Building and verifying an isolated, network-controlled analysis environment.
How malware executes, persists and communicates on Windows.
Reading and tracing basic malware-relevant assembly routines.
Producing a static triage profile without executing the sample.
Executing a controlled sample and building a host-behaviour timeline.
Reconstructing malware communication and extracting network indicators.
Inspecting PE structures and execution-relevant anomalies.
Reverse engineering important functions and documenting malware logic.
Controlling malware execution and verifying hidden functionality.
Recovering an analysable executable from a packed sample.
Extracting and explaining embedded shellcode behaviour.
Analysing a document or script infection chain and recovering its payload.
Neutralising anti-analysis controls and tracing an injection workflow.
Creating detection content and a stakeholder-ready report.
Completing and defending an end-to-end malware-analysis investigation.
SOC Analysts
Malware triage, alert validation and behavioural investigation of suspicious files.
Incident Responders
Investigating malicious files and compromised systems during and after incidents.
DFIR & Threat Intel Analysts
Malware artefact identification, capability analysis and behavioural mapping.
Researchers & Pentesters
Reverse engineering, payload behaviour analysis and defensive detection awareness.
70% hands-on
Practical-heavy delivery — one guided investigation per module in an isolated lab.
Industry toolchain
FLARE-VM, REMnux, Ghidra, x64dbg, PEStudio, YARA, FakeNet-NG and more.
Detection & ATT&CK
Turn analysis into YARA rules and MITRE ATT&CK mappings, not just findings.
Report-ready
Produce professional technical and executive malware-analysis reports.
Interested in this course? Our team will reach out within 1 business day.
Enquire Now