Reverse Engineering Essentials
4.7 (40 ratings)
372 students enrolled
Tools and Techniques for Windows Malware Analysis
Last updated 7/2020
Language: English
This course includes
  • 5.5 hours on-demand video
  • 30 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Assignments
  • Certificate of Completion
What you'll learn
  • How to build a virtual environment for malware analysis
  • How to identify and bypass anti-virtualisation techniques
  • How to confidently use debuggers and disassemblers
  • How to analyse processes and perform low-level API monitoring
  • How to monitor changes to the Registry and the file system
  • How to intercept and investigate network traffic
  • How to execute samples inside a sandbox, then extract and analyse the artefacts
  • How to work confidently with tools for static analysis
  • How to identify packers automatically and manually
Requirements
  • There are no prerequisites for this class other than a Windows virtual machine and the will to learn.
  • All the tools used here are freely available online.
  • The malware samples and the scripts/programs presented are attached as resources.
Description

The aim of this course is to cover the essential techniques and tools for reverse engineering and malware analysis. As the title suggests, we cover only the Windows environment in this class, since it is by far the most used and abused platform. We try to provide a complete picture for the beginning reverse engineer while at the same time remaining relevant to more advanced analysts.

There are always multiple ways to do a task. We will insist more on the "Why?" than on the "How?", since we consider it more important to understand WHAT we are trying to achieve and WHY.

There are no prerequisites for this class other than a Windows virtual machine and the will to learn. All the tools discussed here are freely available online. Analyses are demonstrated on a Windows 8.1 virtual machine.

Don't worry! Neither professional programming experience nor assembly language knowledge is required to benefit from the course. If you already know these, it will be helpful when we look at identifying encryption algorithms and bypassing anti-virtualisation checks. The concepts will be explained clearly and additional resources will be recommended.

Some programming experience will definitely be beneficial. However, the focus will be mostly on understanding the techniques, the tools and their most useful features. When needed, source code written in C or Python will be provided.

To get the most out of this course, we recommend trying all the exercises and assignments that follow the lectures. Whenever a concept or idea is not fully explained or clearly understood, either reach out with questions in the Q&A section or consult online resources.

Who this course is for:
  • Security testers
  • Malware analysts
  • Forensics investigators
  • System administrators
  • Information security students
  • Anyone interested in information security in general and reverse engineering in particular
Course content
35 lectures, 05:32:34 total

+ Building a virtual environment (10 lectures, 01:32:19)
  • Setup (12:16)
  • Hardening - VM Detection (08:40)
    Play with a few VM detection tools and understand how they work.
  • Hardening - VM Detection Practice (13:14)
    Make your virtual machine resilient against being detected, using WMI and Registry tricks.
  • Hardening - Anti VM Detection Practice (12:44)
  • Anti-VM and Anti-Debug (10:26)
  • Anti-VM and Anti-Debug Practice 1 (07:44)
  • Anti-VM and Anti-Debug Practice 2 (06:43)
  • Anti-VM and Anti-Debug Practice 3 (06:34)
  • Anti-VM and Anti-Debug Practice 4 (05:08)

+ Analysis Tools (23 lectures, 03:16:52)
  • Monitor Process Activity (13:59)
  • Monitor Process Activity Practice 1 (04:32)
  • Monitor Process Activity Practice 2 (09:28)
  • Monitor Process Activity Practice 3 (01:54)
  • Monitor Process Activity Practice 4 (03:26)
  • Spotting suspicious process (quiz, 4 questions)
    In this quiz we'll see how we can spot malicious processes using only Process Explorer.
  • Monitor API Calls (09:37)
  • Monitor API Calls Practice 1 (05:14)
  • Monitor API Calls Practice 2 (08:43)
  • Monitor API Calls Practice 3 (06:29)
  • Monitor API Calls Assignment (3 questions)
    In this practice assignment you'll monitor the behaviour of a malware sample, identify a C2 server and extract indicators from the file header.
  • Monitor Registry and File System (08:55)
  • Monitor Registry and File System Practice 1 (04:51)
  • Monitor Registry and File System Practice 2 (02:47)
  • Monitor Registry and File System Assignment (3 questions)
    In this assignment, you will create a sample that drops, executes and then deletes a payload. That's one of the anti-forensics tricks used by malware authors to hide their payloads. Your goal is to recover the executed payload before it is deleted.
  • Monitor Network Activity (16:24)
  • Monitor Network Activity Practice 1 (08:01)
  • Monitor Network Activity Practice 2 (06:33)
  • Monitor Network Activity Practice 3 (09:15)
  • Monitor Network Activity Practice 4 (05:38)
  • Monitor Network Activity Practice Assignment (5 questions)
    In this assignment we'll monitor a sample that attempts to communicate with a command and control server on an unknown port and protocol, and then downloads a second stage payload.
  • Sandboxing (17:13)
  • Sandboxing Practice 1 (08:13)
  • Sandboxing Practice 2 (13:02)
  • Static Analysis (16:44)
  • Static Analysis Practice 1 (02:43)
  • Static Analysis Practice 2 (13:11)