Malware Analysis & Reverse Engineering

A hands-on programme that teaches you how malware works, how to analyse it safely in isolated environments, and how to extract actionable threat intelligence from malicious samples.

70% Hands-on Labs | Isolated Lab Environment | Industry Tools & Techniques | Real Malware Samples (Controlled)

Fee: 30,199 (regular price 60,000, 50% off)

Course Overview

ETSEC 002 covers static analysis, dynamic behaviour monitoring, unpacking techniques, introductory reverse engineering, and threat intelligence extraction. It is a comprehensive programme for anyone who wants to understand how malware actually works under the hood.

All analysis happens in fully isolated lab environments using industry-standard tools. You will work with real malware samples under controlled conditions, building the kind of practical skills that SOC analysts, threat hunters, and malware researchers use in their day-to-day work.

This is a technical training programme by ETSEC Inc. focused on building practical analysis skills. It is not a certification or a career guarantee - it gives you hands-on experience with the tools and techniques used in malware analysis workflows. What you do with those skills is up to you.

What You Will Learn

Set up a proper, isolated malware analysis lab environment
Perform file type identification and static examination
Analyse PE file structures, strings, imports, and exports
Execute malware safely and monitor behaviour (processes, network, registry)
Understand and identify malware evasion and anti-analysis techniques
Use Ghidra and IDA Free for introductory reverse engineering
Analyse different malware types: ransomware, trojans, keyloggers, spyware
Extract Indicators of Compromise (IOCs) from samples
Build YARA rules and map findings to MITRE ATT&CK
Document analysis findings in professional reports

Who Is This For?

Cybersecurity enthusiasts who want to understand how malware works internally
SOC analysts and threat hunters looking to deepen their analysis skills
Incident response team members who deal with malicious artifacts
Students exploring DFIR or malware analysis as a career direction
Pentesters who want a better understanding of malware internals
Anyone who is genuinely curious about the technical workings of modern threats

Recommended Prerequisites

No reverse engineering experience required

Basic Windows and Linux familiarity helps but is not mandatory

Programming experience is useful for advanced concepts but not required to start

Training Approach: 30% theory (concepts, malware lifecycle, analysis methodology) and 70% practical (guided labs with real malware samples in isolated environments), with a heavy focus on hands-on tool usage and analysis workflows.

Course Curriculum

Introduction & Static Analysis Foundations

  • Types of malware, their purposes, and lifecycle
  • Overview of the analysis process and approach
  • Building an isolated analysis lab (VMs, snapshots, network isolation)
  • Safety practices for handling malicious samples
  • Introduction to static analysis tools: Strings, PEiD, PEview, Detect It Easy
  • Using VirusTotal and online sandboxes for initial triage
  • Safe malware sourcing practices and legal/ethical considerations
  • Identifying malware type and structure using headers, signatures, and magic bytes
  • Initial triage and classification workflow

Static Analysis Deep Dive

  • PE file format deep dive - sections, headers, entry points
  • Extracting and analysing strings and embedded data
  • Import and export table analysis
  • File hashing (MD5, SHA256) for identification and tracking
  • Identifying packed and obfuscated samples
  • Entropy analysis and packer detection

Dynamic Analysis & Behaviour Monitoring

  • Executing malware safely in isolated VMs
  • Monitoring with ProcMon, Process Hacker, and Wireshark
  • Observing registry, file system, and network changes
  • API call monitoring and behavioural indicators

Unpacking & Evasion Analysis

  • Manual and automated unpacking approaches
  • Common packers and their signatures
  • Anti-VM, anti-debugging, and anti-analysis evasion techniques
  • Bypassing basic evasion methods

Introduction to Reverse Engineering

  • Assembly language basics relevant to malware analysis
  • Using Ghidra, x64dbg, and IDA Free
  • Control flow graphs, entry points, and function identification
  • Tracing malware logic through disassembly

Modern Malware Case Studies

  • Hands-on analysis of ransomware samples
  • Keylogger and spyware analysis
  • Trojan and botnet behaviour analysis
  • Comparing techniques across malware families

Threat Intelligence & IOC Extraction

  • Extracting IOCs (IPs, domains, hashes, file artifacts)
  • Writing YARA rules for detection
  • Mapping findings to the MITRE ATT&CK framework
  • Overview of threat intelligence platforms (MISP, OpenCTI)

Final Assessment & Capstone

  • Revision sessions based on batch needs
  • Additional practice with challenging samples
  • Analyse a previously unseen malware sample end-to-end
  • Produce a professional malware analysis report
  • Extract IOCs and build detection rules

Tools & Technologies

Static Analysis

PEiD, Detect It Easy, Strings, PE Explorer, PEview

Dynamic Analysis

ProcMon, Process Hacker, Wireshark, RegShot

Reverse Engineering

Ghidra, IDA Free, x64dbg

Threat Intelligence

MISP, VirusTotal, Hybrid Analysis

Sandboxing

Cuckoo Sandbox, Isolated VMs

After Completing This Course

Set up and use a properly isolated malware analysis environment
Perform static and dynamic analysis on unknown samples
Understand basic reverse engineering concepts with industry tools
Extract IOCs and create YARA detection rules
Analyse common malware types found in real-world incidents
Document findings in a structured analysis report

You Also Receive

ETSEC Course Completion Certificate

Lab guides and reference materials

Capstone project and analysis report

YARA rules created during lab exercises

IOC sets generated from analysis work

Career Paths & Market Salaries

Roles where these skills are actively used in the Indian market. Salary figures are indicative ranges based on publicly available data and may vary by location, experience and organisation.

Malware Analyst

6 – 18 LPA

Analyse suspicious files and binaries to understand their behaviour and impact. Demand is growing across CERTs, security firms, and large enterprises in India.

Threat Intelligence Analyst

6 – 15 LPA

Track threat actors, analyse campaigns, and produce intelligence reports. IOC extraction and YARA rule writing from this course are directly applicable.

SOC Analyst (L2/L3)

5 – 14 LPA

Senior SOC analysts who can triage malware alerts and do basic reverse engineering are in high demand. This course gives you that edge over L1 analysts.

Incident Response Analyst

7 – 20 LPA

Respond to security incidents, contain threats, and perform forensic analysis. Malware analysis is a core skill in most IR teams.

DFIR Specialist

8 – 22 LPA

Digital forensics and incident response roles require understanding malware artefacts, memory analysis, and attack reconstruction. This course covers the malware side of DFIR.

Reverse Engineer

10 – 30 LPA

Specialised role requiring deep assembly and binary analysis skills. This course provides the foundation - reaching this level requires additional experience and practice.

Why Train With ETSEC?

Real malware samples analysed in controlled, isolated environments

Covers the full analysis spectrum: static, dynamic, reverse engineering, and threat intel

Trainers are security practitioners with hands-on analysis experience

Professional reporting skills are included - important for SOC and DFIR roles

Capstone project provides a tangible demonstration of your analysis abilities

What Participants Say

The labs with real samples made all the difference. Reading about malware is one thing - analysing it yourself is completely different.

- Yash M.

Reverse engineering with Ghidra was explained step by step. I went from zero assembly knowledge to understanding basic malware functions.

- Ananya P.

How to Enroll

1. Click 'Enroll Now'

Hit the Enroll button above. You will be redirected to our secure Razorpay payment page.

2. Complete Payment

Pay via UPI, card, net banking, or wallet. You will receive a confirmation email from Razorpay.

3. Share Details

Send your payment confirmation to contact@etsecinc.com or call +91 86885 78412.

4. Start Learning

Get added to your batch group, receive lab access, and begin training as per the batch schedule.


Frequently Asked Questions

Yes. All malware analysis happens in fully isolated virtual environments with proper safety protocols. You learn how to set up and maintain this isolation as part of the course.

No prior reverse engineering experience is needed. Programming knowledge helps in advanced modules but is not mandatory - we teach the relevant assembly concepts within the course.

Yes. You work with real malware samples, but always in controlled, isolated lab environments. Safe handling practices are taught before any live analysis begins.

The course builds practical skills relevant to both DFIR and SOC roles. However, this is a training programme, not a placement service. Your outcomes will depend on your overall profile, experience, and effort.

Interested in this course?

Get in touch to learn about upcoming batches, fees, and enrollment.