Reverse engineering and malware analysis represent essential skills in the modern cyber security landscape, enabling defenders to understand the inner workings of malicious software and develop effective countermeasures against increasingly sophisticated threats. These Hacktivity labs provide an introduction to reverse-engineering malware binaries for the x86 architecture. You will be introduced to low level programming languages such as C and assembly language and will develop practical and theoretical skills to enable you to perform both static and dynamic analysis of malware code. This module also takes an in-depth look at typical malware behaviour and how to leverage state-of-the-art reverse-engineering tools to facilitate your analysis. You will gain an understanding of the behaviour and design of malware and perform hands-on analysis of binary files using static and dynamic analysis techniques to determine the behaviour of malware. Your critical problem-solving skills will be developed through a series of technical challenges that will require you to put theory into practice, to apply the techniques covered to reverse engineer malicious software.

The practical labs give you hands-on experience with reverse engineering and malware analysis. The labs start with an Introduction to Malware Analysis, where you explore static and dynamic analysis techniques to dissect and understand malicious code. The Introduction to C lab focuses on the fundamentals of the C programming language, essential for both programming and malware analysis. The C and Assembly lab delves into low-level programming, covering structs, memory management, bitwise operators, and assembly language for 32-bit x86 processors. The Recognizing C Code Constructs in Assembly lab deepens your understanding of how C code constructs are represented in assembly, crucial for reverse engineering. The Ghidra lab introduces the powerful tool Ghidra for software reverse engineering, covering CPU architectures and memory layout randomization. The Dynamic Analysis SRE labs teach dynamic malware analysis using GDB, enhancing your ability to monitor and understand a program's runtime behavior. The Anti-SRE lab explores tactics used by both malicious actors and legitimate developers to thwart reverse engineering efforts, providing hands-on challenges to hone your skills in overcoming anti-reverse-engineering techniques. Each lab includes practical exercises and challenges to reinforce the concepts learned.