Paul Chin, PhD

If you are completely new to reverse engineering and malware analysis, then this course is for you. I will take you from zero to a proficient level in reverse engineering and analyzing malware. You will learn through plenty of practical walk-throughs. We will learn the basics first, then gradually proceed to more advanced topics. All the needed tools will be introduced and explained. By the end of this course, you will have the fundamentals of malware analysis under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained in reverse engineering and analysis will also be useful to you for reversing software in general.


Everything is highly practical. No boring theory or lectures. It is more like a series of walk-throughs that you can replicate and follow along with. We will use tools like TrIDNet, BinText, PEStudio, CFF Explorer, Regshot, ProcDOT, FakeNet, Wireshark, Process Monitor, Process Hacker, xdbg, Ghidra and more...

Topics include:

  1. Lab Setup
  2. Tools
  3. OS Fundamentals
  4. Virtual Memory and the PE file
  5. Windows Internals
  6. Malware Components
  7. Static Analysis
  8. Dynamic Analysis
  9. Network Analysis
  10. Unpacking Standard and Custom Packers
  11. Dumping Memory
  and more...

This course is suitable for:

  • Anyone who has no background in malware analysis and is just starting out in this field
  • Hobbyists who just like to learn how to reverse engineer and analyze malware
  • Students who want to get started on the career path to becoming malware analysts
  • Hackers looking for additional tools and techniques to reverse software

The prerequisites:

Just a Windows PC and an interest in malware analysis or software reverse engineering.

Enroll now and I will see you inside. Thanks.

What's inside

Learning objectives

  • Flare VM lab setup
  • OS fundamentals
  • Windows API
  • Virtual memory
  • PE file structure
  • Static analysis
  • Dynamic analysis
  • Network analysis
  • Memory analysis
  • Identifying standard and custom packers
  • Unpacking packed malware
  • Debugging malware
  • Analysing malware using Ghidra
  • Dumping memory
  • And more...

Syllabus

How to install a Virtual Machine and configure it for malware analysis

[ 2022 Update ] Installing Windows 10 Virtual Machine

Installing the tools - Flare VM
Alternative solution to Flare VM, if the installation of Flare VM is not working.

[2022 Update] Installing Flare VM 3.0 in Windows 10 virtual machine

[2022 Update] Installing additional missing tools

List of tools used for this course and download links.

Understanding Files and File Formats

Exercise: Identify File Formats

Process Creation, Virtual Memory and Portable Executable File

Process creation.

Virtual Memory

Portable Executable (PE) File - Part 1

Portable Executable (PE) File - Part 2

Windows Internals knowledge that is needed by Malware Analysts

Win32 API

Intro to Static and Dynamic Analysis

Installing bintext and graphviz

Installing additional tools - bintext

Configuring and Using Procmon and Procdot

Lab: Static Analysis of Malware Sample 1

Dynamic Analysis Workflow

Lab: Dynamic Analysis of Malware Sample 1

Lab: Procdot Analysis of Malware Sample 1

Lab: Network Analysis of Malware Sample 1

Lab Exercise: Intro to Analysis of Malware Sample 2

Lab: Static Analysis of Malware Sample 2 - Unpacking

Lab: Static Analysis of Malware Sample 2 - Embedded Strings Analysis

Lab: Static Analysis of Malware Sample 2 - PE Header and Hash Analysis

Lab: Dynamic Analysis of Malware Sample 2

Lab: Static Analysis of Malware Sample 2 - Regshot Analysis

Lab: Static Analysis of Malware Sample 2 - Procdot Analysis

Lab: Static Analysis of Malware Sample 2 - Network Analysis

Assembly Language Basics

Disassemble, decompile and unpack malware

Intro to Malware Sample 3

Decompiling and extraction using exe2aut

Disassembling and Decompiling with Ghidra

Debugging with xdbg

[2022 Update] For those who are having problems with VirtualAlloc: there is more than one way to trace memory allocations. If VirtualAlloc is not working for you, then look out for VirtualAllocEx and NtAllocateVirtualMemory instead. Malware usually has additional payloads embedded within it, and VirtualAlloc is used to allocate memory for unpacking these payloads. By tracing the memory allocations, we can identify where to manually dump these payloads into separate files for further analysis.

Dumping Memory Using Process Hacker

Trace VirtualAlloc API calls and dump memory using Process Hacker.

Detecting custom packers, unpacking using xdbg and memory dumping using Process Hacker

Intro To Malware Sample 4 (TeslaCrypt Ransomware)

File and Packer Identification

Debugging and Unpacking with xdbg and Process Hacker

Unpacking - Part 2

Analysis with Ghidra

Reverse Engineering Malware Sample 5 (Simda Trojan)

Intro To Malware Sample 5 (Simda Trojan)

Identifying Abnormal Epilogues

Unpacking the Shellcode

Final Unpacking and Analysis in Ghidra

Resources For Further Study

Bonus Lecture

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Reverse Engineering and Malware Analysis Fundamentals with these activities:
Review OS Fundamentals
Reinforce your understanding of operating system concepts, which are crucial for understanding how malware interacts with the system.
  • Review the concepts of processes, threads, and memory management.
  • Study system calls and their role in interacting with the kernel.
  • Familiarize yourself with file system structures and permissions.
Brush up on Assembly Language Basics
Strengthen your ability to read and understand assembly code, which is essential for reverse engineering malware.
  • Review common assembly instructions and their functions.
  • Practice reading and interpreting disassembled code snippets.
  • Understand the relationship between assembly and higher-level languages.
Read 'Practical Malware Analysis'
Supplement your learning with a comprehensive guide that covers both static and dynamic malware analysis techniques.
  • Read the chapters on static analysis techniques.
  • Work through the examples of dynamic analysis using debuggers.
  • Practice analyzing malware samples using the tools discussed in the book.
Practice PE File Parsing
Solidify your understanding of the PE file format by manually parsing PE headers and sections.
  • Download a PE file parsing tool or library.
  • Write code to extract information from PE headers, such as entry point and section sizes.
  • Verify your results against a PE viewer tool like CFF Explorer.
Document Malware Analysis Findings
Improve your analysis and communication skills by writing detailed reports on malware samples you analyze.
  • Choose a malware sample to analyze.
  • Perform static and dynamic analysis on the sample.
  • Write a report summarizing your findings, including indicators of compromise (IOCs).
Contribute to a Malware Analysis Project
Deepen your understanding and contribute to the community by participating in open-source malware analysis projects.
  • Find an open-source malware analysis project on GitHub or GitLab.
  • Identify a bug or feature to work on.
  • Submit a pull request with your changes.
Read 'The Art of Memory Forensics'
Expand your knowledge of memory analysis techniques, which are crucial for advanced malware analysis.
  • Read the chapters on memory acquisition and analysis tools.
  • Practice analyzing memory dumps using Volatility or other memory forensics frameworks.
  • Learn how to identify malware artifacts in memory.

Career center

Learners who complete Reverse Engineering and Malware Analysis Fundamentals will develop knowledge and skills that may be useful to these careers:
Malware Analyst
A Malware Analyst investigates and analyzes malicious software to understand its functionality, origin, and potential impact. This role involves dissecting malware samples, reverse engineering code, and documenting findings to develop detection and prevention strategies. This course, with its focus on practical walk-throughs and tools introduction, directly helps you gain proficiency in reverse engineering and malware analysis, which are crucial for a malware analyst. The course covers static analysis, dynamic analysis, and network analysis, all essential skills for examining malware behavior. Understanding file formats, process creation, and memory management, as taught in this course, enables a malware analyst to effectively dissect malicious code and identify vulnerabilities.
Reverse Engineer
A Reverse Engineer analyzes software or hardware to understand its design, functionality, and underlying principles. This often involves disassembling code, studying memory structures, and identifying vulnerabilities. As a reverse engineer, you will find this course directly applicable, as it provides a solid foundation in reverse engineering techniques, with an emphasis on practical walk-throughs. The curriculum includes hands-on experience with key tools like Ghidra and xdbg, as well as techniques for unpacking malware and analyzing memory dumps. A reverse engineer can leverage the knowledge gained in this course to dissect complex software, identify hidden features, and develop custom solutions.
Threat Intelligence Analyst
A Threat Intelligence Analyst gathers and analyzes information about cyber threats to identify emerging risks and trends. They monitor threat actors, analyze malware samples, and develop threat intelligence reports to help organizations proactively defend against cyberattacks. As a Threat Intelligence Analyst, you will find this course valuable because understanding malware analysis and reverse engineering is essential for assessing threats that involve malicious software. The course's hands-on experience with tools like Process Monitor and Wireshark, combined with techniques for unpacking and debugging malware, enables threat intelligence analysts to quickly analyze malware samples, identify their capabilities, and report on them.
Firmware Analyst
A Firmware Analyst focuses on reverse engineering and security analysis of firmware, the software embedded in hardware devices. They identify vulnerabilities, analyze malicious code, and develop security measures to protect embedded systems. As a firmware analyst, you will find this course directly applicable, as it provides a solid foundation in reverse engineering techniques, with an emphasis on practical walk-throughs. The curriculum includes hands-on experience with key tools like Ghidra and xdbg, as well as techniques for unpacking malware and analyzing memory dumps.
Security Engineer
A Security Engineer designs, implements, and manages security systems to protect computer systems, networks, and data. This includes identifying vulnerabilities, developing security measures, and responding to security incidents. This course is helpful because a Security Engineer needs to possess a strong understanding of malware analysis and reverse engineering techniques to be proactive against threats. The course's coverage of unpacking standard and custom packers, debugging, and memory dumping can help security engineers stay ahead of increasingly sophisticated malware. By understanding how malware operates, a Security Engineer can develop more effective defenses and incident response plans.
Incident Responder
An Incident Responder is responsible for managing and coordinating the response to security incidents. They investigate security breaches, contain the impact of attacks, and restore systems to normal operation. As an Incident Responder, this course is valuable because understanding malware analysis and reverse engineering is essential for effectively responding to security incidents involving malicious software. The course's hands-on experience with tools like Process Monitor and Wireshark, combined with techniques for unpacking and debugging malware, enables incident responders to quickly analyze malware samples, identify the scope of the infection, and develop remediation plans.
Penetration Tester
A Penetration Tester simulates attacks on computer systems to identify vulnerabilities and assess security risks. They use a variety of tools and techniques to exploit weaknesses in software, networks, and hardware. As a penetration tester, you will find this course valuable because understanding malware analysis and reverse engineering can significantly enhance your ability to find and exploit vulnerabilities. By analyzing malware samples, you can gain insights into the techniques used by attackers and develop more effective penetration testing strategies. The course's coverage of static analysis, dynamic analysis, and unpacking techniques provides penetration testers with practical skills to assess the security posture of systems.
Ethical Hacker
Ethical hackers are security professionals who use their hacking skills to identify vulnerabilities in computer systems and networks. They perform penetration tests, security audits, and risk assessments to help organizations improve their security posture. As an ethical hacker, understanding malware analysis and reverse engineering can significantly enhance your ability to find and exploit vulnerabilities. The course's coverage of static analysis, dynamic analysis, and unpacking techniques provides ethical hackers with practical skills to assess the security posture of systems.
Cybersecurity Analyst
Cybersecurity Analysts monitor computer networks and systems for security breaches and intrusions. They analyze security events, investigate incidents, and implement security measures to protect organizations from cyber threats. As a cybersecurity analyst, you may find this course useful, as it gives you insight into malware analysis, which is a critical skill for identifying and responding to security incidents. The course's focus on static and dynamic analysis, network analysis, and unpacking techniques helps cybersecurity analysts dissect malware samples and understand their behavior. This knowledge enables cybersecurity analysts to develop more effective detection rules, incident response plans, and threat intelligence reports.
Vulnerability Analyst
A Vulnerability Analyst identifies and assesses security weaknesses in software, hardware, and networks. They use a variety of tools and techniques to discover vulnerabilities and recommend remediation measures. As a vulnerability analyst, you will find that this course provides a solid foundation in malware analysis and reverse engineering, which are valuable skills for identifying software vulnerabilities. The course's coverage of static analysis, dynamic analysis, and debugging techniques helps vulnerability analysts analyze code, identify potential weaknesses, and assess the impact of vulnerabilities. This knowledge enables vulnerability analysts to provide more accurate and comprehensive vulnerability assessments.
Security Consultant
A Security Consultant advises organizations on how to improve their security posture and protect their assets from cyber threats. This role typically requires strong technical skills, as well as excellent communication and problem-solving abilities. As a security consultant, you may find this course helpful. The course's coverage of malware analysis, reverse engineering, and incident response techniques can enhance a security consultant's ability to assess security risks and recommend appropriate security controls. By understanding the latest malware trends and attack techniques, a security consultant can provide valuable guidance to organizations on how to defend against cyber threats.
Security Architect
A Security Architect is responsible for designing and implementing security systems for an organization's IT infrastructure. They assess security risks, develop security policies, and select security technologies. As a security architect, you will find this course valuable because the knowledge and skills gained in reverse engineering and analysis will also help you reverse software. You will learn through plenty of practical walk-throughs. The course covers the basics first, then gradually proceeds to more advanced topics. All the needed tools are introduced and explained.
Information Security Manager
An Information Security Manager oversees an organization's information security program. They develop and implement security policies, procedures, and controls to protect sensitive data and systems from cyber threats. As an information security manager, taking this course may be useful because the knowledge and skills gained in reverse engineering and analysis will let you better understand an attack. The course uses tools like TrIDNet, BinText, PEStudio, CFF Explorer, Regshot, ProcDOT, FakeNet, Wireshark, Process Monitor, Process Hacker, xdbg, Ghidra and more...
Cryptography Engineer
Cryptography engineers design and implement secure communication systems. They research, develop, and test cryptographic algorithms, protocols, and systems to protect sensitive information. As a cryptography engineer, this course may be useful because it can give you a deeper insight into the process of malware analysis and unpacking. The course covers the basics first, then gradually proceeds to more advanced topics. All the needed tools are introduced and explained.
Software Developer
A Software Developer designs, develops, and maintains software applications. They write code, test software, and fix bugs. Although the two fields seem unrelated, you may find this course valuable even as a software developer. Understanding the software development life cycle from an adversarial perspective helps you build more secure code. The course's coverage of reverse engineering, debugging, and memory analysis can enhance a software developer's ability to identify and fix security vulnerabilities in their code. By understanding how malware operates, a software developer can write more secure code and prevent their applications from being compromised.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Reverse Engineering and Malware Analysis Fundamentals.
'Practical Malware Analysis' is a comprehensive guide to malware analysis techniques. It covers static and dynamic analysis, debugging, and memory forensics. It is commonly used as a textbook in malware analysis courses and provides practical examples and exercises to reinforce learning. This book adds significant depth to the course material and is a valuable reference for aspiring malware analysts.
'The Art of Memory Forensics' provides in-depth knowledge of memory forensics techniques. It covers how to analyze memory dumps to detect malware and other threats. While the course touches on memory dumping, this book provides a much deeper dive into the subject. It is a valuable resource for those who want to specialize in memory analysis and incident response.


© 2016 - 2025 OpenCourser