From €990



3-5 days


Basic to Advanced



Arnau Gàmez i Montolio

Arnau is a catalan hacker, reverse engineer and mathematician, with an extensive background in code (de)obfuscation research and Mixed Boolean-Arithmetic expressions, as well as industry experience as a senior malware reverse engineer.

About the training

*Beginner’s guide*
Learn how to set up a malware analysis lab environment using virtual machines and perform basic static and dynamic analysis in this course designed for complete beginners. Students will benefit from a comprehensive introduction to reverse engineering, focusing on Windows platform and PE files. Equipped with this knowledge, we’ll analyze malware samples in more depth with an interactive disassembler, and jump into a debugger for a precise dynamic analysis of their execution flow.


- Introduction
- Set up a malware analysis lab
- Basic static analysis
- Basic dynamic analysis
- Introduction to x86/x64 reverse engineering
- Static analysis of windows malware
- Debugging windows malware
- Basic unpacking

*Advanced guide*
Once equipped with the skills and understanding covered in the beginner’s course, students are ready to deepen their knowledge of sophisticated malware analysis and tools. Learn advanced unpacking methods to face any unknown packer, how to extract and analyze shellcode, plus expert level techniques to detect covert malware techniques including process injection, process hollowing, and more. Moving onto Windows kernel driver rootkits analysis and debugging, students will progress to malware obfuscation mechanisms, as well as common anti-reverse engineering techniques, ranging from anti-disassembly, to anti-debugging and vm detection. To finish, students will learn how to address NoPE malware coming in the form of various Script files, Powershell, Office macros, etc.


- Advanced unpacking
- Shellcode analysis
- Covert malware
- Analysis of Windows kernel driver rootkits
- Malware obfuscation mechanisms
- Anti reverse engineering techniques: anti-disassembly, anti-debugging, anti-vm
- NoPE malware: Python, Javascript, Powershell, Office macros, AutoIt