Reverse Engineering Malware Part III
Reverse engineering is one of the most well-paid skills in Cybersecurity. If you want to know how to do it, then this is the right course for you. This is Part III.
Reverse Engineering Malware III
This intensive 3-day course equips cybersecurity professionals with the practical skills to dissect Windows malware and understand the internals of executable binaries. Through hands-on labs and real-world case studies, participants will deconstruct the Portable Executable (PE) format, analyze the internal mechanisms of the Windows operating system, and explore how modern ransomware operates at a binary level.
Using live samples of Cactus and LockBit 3.0, students will trace malware behavior, unravel execution flows, and extract TTPs from packed and obfuscated binaries. The course bridges theory and practice by exploring how system APIs, memory management, and persistence techniques are abused.
Participants will work with professional-grade tooling, including IDA Pro, Ghidra, x64dbg, PE-Bear, Detect It Easy, and much more. Emphasis is placed on unpacking techniques, API resolution, string decryption, and code flow recovery. By the end of the course, students will not only understand how malware works but also how the OS responds internally, forming a deep, OS-level perspective essential for analysts, threat hunters, and reverse engineers alike.
Course curriculum
-
-
01 Introduction To REM 3
-
02 Introduction To Pe Anatomy
-
03 Dos Header
-
04 File Header
-
05 Optional Header
-
06 Section Header
-
07 Imports
-
08 Exception Baserelocate Tls
-
09 Pe Anatomy Recap
-
-
-
10 Cactus General Overview
-
11 Cactus First Look Into Die
-
12 Cactus Entropy Levels Packed Version
-
13 Cactus Strings Openssl Packed Version
-
14 Cactus Strings Chacha20 Packed Version
-
15 Cactus Strings Http Packed Version
-
16 Cactus Imports Packed Version
-
17 Cactus Unpacking And First Look
-
18 Cactus File System Implications
-
19 Cactus Chacha20 Implementation
-
20 Cactus Ghidra Session
-
-
-
21 Lockbit3 Introduction
-
22 Lockbit3 Detonation
-
23 Lockbit3 Basic Triage
-
About this course
- 23 lessons
- 4.5 hours of video content
Requirements
While not mandatory, it is recommended that participants have the following tools installed to fully engage with the hands-on exercises:
- Windows Flare VM
These tools will enhance your ability to work effectively with the course materials and practical exercises.
Additional Training
-
Red Team Operator Part I
Course • 27 lessons5.0 average rating (1 review)Master offensive cybersecurity with our Red Team Operator course. Learn adversary simulation, C2 frameworks, evasion, privilege escalation, and stealth techniques used by real-world threat actors. Hands-on and advanced.
Purchase$99
-
Bug Bounty Training
Course • 7 lessons5.0 average rating (1 review)In this Bug Bounty Hunting course, Master OTW will teach you how to seek and exploit application vulnerabilities using the necessary tools and techniques.
$199
-
Subscriber Pro
Bundle • 81 learning productsThis program is designed to elevate your career to the highest level through a 3-year training journey, featuring 65+ courses covering all the knowledge required to become a cybersecurity expert.
$4,000
-
.png)
Advanced SDR for Hackers
Course • 3 lessonsJoin our Advanced SDR Hacking and Security course to master sophisticated techniques, engage in hands-on projects, and learn from industry experts. Elevate your skills with cutting-edge tools and real-world applications.
$299