top of page



From €990



3-5 days


Basic to Advanced



Nicolas Brulez

Nicolas Brulez is the founder of HEXORCIST, a company that specializes in providing reverse engineering and malware analysis training. Prior to that, he worked for eight years in the Global Research and Analysis Team at Kaspersky.
Over the past 20 years, Nicolas has authored numerous articles and papers on reverse engineering and virus analysis. He is also a co-author of the Armadillo Protection system.
He was an instructor at the first RECON conference in 2005 and is still teaching there 15 years later. As well as RECON, Nicolas has presented at Pacsec, ToorCon, SSTIC, Virus Bulletin, Hacker Halted, RuxCon, TakeDownCon, and Pacsec.

About the training

This course is offered in two modes: basic and advanced. For the basic version no prior reverse engineering experience is required. Students will learn from scratch how to manually analyze malware both statically and dynamically. The objective is to learn multiple methods of malware analysis, such as decrypting and unpacking, and understanding its main functionality. The training also covers how to combat various anti-analysis tricks and is based on recent malware samples used in real attacks by APT groups and cybercriminals. Training is focused on manual reverse engineering; no automatic analysis tools are used.
The advanced version covers the most sophisticated methods and tools used by experts in the industry to analyze modern APT attacks. During the course, students will learn step by step the whole workflow describing how to analyze the most powerful APTs discovered – from getting the initial sample to fully understanding all the APT’s capabilities. This course will teach students how to create a variety of tools and scripts to automate many reverse engineering tasks. The course also includes analysis of malicious shellcodes and malicious documents.

bottom of page