Reverse Engineering Learning Path

Learn to detect, analyze and mitigate malware from any network.

10 hours, 43 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    10 hours, 43 minutes

  • Assessment


About Reverse Engineering

In this path, you will learn about the various techniques used by malware to persist, propagate, disrupt, modify and enumerate infected hosts and networks. This path will prepare you to statically and dynamically analyze malware, as well as document the analysis. It will also provide you with the skills to properly mitigate the malware intrusion. You will be able to apply these skills toward real-world security incidents and computer intrusions caused by malware.



Reverse Engineering Skill Assessment

Assessment - 36 questions

Malware analysis introduction

Course - 00:48:00

An introduction to reverse engineering, including the various types of malware and some examples of malware in use today. We will also identify various common malware behaviors and explore the malware analysis process. Also included are some common obfuscation techniques used by malware to avoid analysis and detection. This introduction will give you a great start on what malware analysis and reverse engineering are all about.
Basic static analysis

Course - 01:03:00

This course is an exploration of conducting basic static analysis on malware. Use tools to dissect a PE file and identify suspected malicious activity. Using various tools and techniques, you can learn a lot about a malware sample prior to executing the sample in a virtual environment. Basic static analysis provides a solid start to malware analysis.
Advanced static analysis

Course - 01:29:00

Advanced static analysis gives us a deeper dive into a malicious file. It includes looking at the malicious file's assembly code to better understand the malware’s functionality and behavior. You will learn to better understand x86 assembly, identify many C code constructs in assembly and identify malicious functions in a malware sample.
Basic dynamic analysis

Course - 01:20:00

This course will teach you to conduct basic dynamic analysis, which consists of executing the malware sample in a virtual environment and using numerous tools to monitor the malware’s activity. You will learn to identify system changes made by the malware to include any file changes, registry changes, processes created and so on. You’ll also be able to identify and communicate with malicious network traffic generated by malware.
Advanced dynamic analysis

Course - 02:33:00

A complete understanding of a malicious file can be best achieved during advanced dynamic analysis. This course includes an overview of the x86 architecture and the use of a debugger to analyze malicious code. You will learn to step through the assembly code of a malware sample, set breakpoints and analyze malware in-depth. Advanced dynamic analysis also includes using a debugger to analyze functions for encoding and encryption throughout a malware sample and manually unpacking a packed malware sample.
Reporting and mitigation

Course - 00:21:00

The most important part of malware analysis is the ability to report your findings. What is the point of malware analysis without being able to provide a detailed documentation about the malware sample? This includes an overview of reporting and various mitigation techniques. You will also learn to effectively remove the malware from an infected system based on your malware analysis findings.
Reverse Engineering Project

Course - 02:58:00

Now that you have all the necessary skills required to reverse engineer, put those skills to the test! This project involves utilizing skills you've learned to analyze a real-world malware sample. There are five challenges to complete. Each challenge requires you to find a specific piece of information about the malware sample through analysis and reverse engineering. You will use tools such as the SysInternals Suite, PEview, CFF Explorer, IDA, INetSim, FakeDNS and Wireshark to find the information for each challenge.

Meet the author

Carolyn Ahlers

Carolyn has been a malware reverse engineer for over nine years. She initially gained her reverse-engineering skill set in the US Navy, conducting malware analysis for defensive purposes, incident response and enabling exploitation operations. She is proficient at analyzing various types of binaries and working with many malware analysis tools and programming languages such as x86 assembly, C, C++ and Python. She also has three years’ experience as a computer forensic analyst conducting analysis on various media devices in search of malicious intrusions.

Carolyn has taken numerous malware reverse-engineering courses, at levels from beginner to advanced. She has also created numerous malware analysis training pipelines. She has her Bachelor of Science degree in computer networks and cybersecurity from the University of Maryland Global Campus, and has been SANS GIAC Reverse Engineering Malware (GREM)-certified since 2015.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo