Reverse Engineering and Malware Analysis

Introduction

This module provides an introduction to reverse engineering malware binaries for the x86 architecture. You will be introduced to low-level programming languages such as C and assembly language and will develop the practical and theoretical skills needed to perform both static and dynamic analysis of malware code. This module also takes an in-depth look at typical malware behaviour and at how to leverage state-of-the-art reverse-engineering tools to facilitate your analysis.

We aim to provide you with some useful extra knowledge, but reverse engineering takes practice: gaining the breadth of knowledge and depth of understanding needed to manage your own investigations with confidence will require experience working in the field.

Summary

This module develops your understanding of the fundamental underlying software technologies (such as understanding and debugging C and assembly code) and builds on this with techniques for reverse engineering and analysing malware. You will gain an understanding of the behaviour and design of malware and perform hands-on analysis of binary files, using static and dynamic analysis techniques to determine what the malware does. Your critical problem-solving skills will be developed through a series of technical challenges that require you to put theory into practice by applying the techniques covered to reverse engineer malicious software.

The practical labs give you hands-on experience with reverse engineering and malware analysis. The labs start with an Introduction to Malware Analysis, where you explore static and dynamic analysis techniques to dissect and understand malicious code. The Introduction to C lab focuses on the fundamentals of the C programming language, essential for both programming and malware analysis. The C and Assembly lab delves into low-level programming, covering structs, memory management, bitwise operators, and assembly language for 32-bit x86 processors. The Recognizing C Code Constructs in Assembly lab deepens your understanding of how C code constructs are represented in assembly, which is crucial for reverse engineering. The Ghidra lab introduces the powerful software reverse-engineering tool Ghidra, covering CPU architectures and memory layout randomisation. The Dynamic Analysis SRE labs teach dynamic malware analysis using GDB, enhancing your ability to monitor and understand a program's runtime behaviour. The Anti-SRE lab explores tactics used by both malicious actors and legitimate developers to thwart reverse-engineering efforts, providing hands-on challenges to hone your skills in overcoming anti-reverse-engineering techniques. Each lab includes practical exercises and challenges to reinforce the concepts learned.

Runs for 9 months (until )


Personal Subscription Required

Cyber Security Body of Knowledge (CyBOK)

This course covers the following CyBOK Knowledge Areas:

As you complete challenges and watch videos, you will gain Knowledge Area XP.

Challenges