Beginner to Intermediate
Malware Analysis
The Art of Malware Analysis
The Art of Malware Analysis is a course on malware reverse engineering aimed at beginner and intermediate analysts.
$149.99
Lifetime access
Certificate of completion
Discord community access
Regular content updates
30-day money-back guarantee
What You'll Learn
Set up isolated malware analysis labs with VMware or VirtualBox (FlareVM and Remnux)
Perform basic static and dynamic analysis on malicious binaries
Read x86 assembly and common C programming constructs in disassembly
Map behaviors to MITRE ATT&CK and document findings
Analyze malicious documents, process injection, packing, and C2 communications
Automate configuration extraction and parsing workflows with Python
Course Curriculum
- Course Introduction
- Course Virtual Machine - VirtualBox
- Course Virtual Machines - VMware
- Course Samples
- Course Discord Channel
- Misc Resources
- Part 1 - FlareVM Installation on VMware
- Part 2 - Remnux Installation - VMware
- Part 3 - Office Installation for Module 7
- Part 4 - Connect VMs - VMware
- Part 1 - Windows Installation
- Part 2 - FlareVM Installation
- Part 3 - FlareVM Software Installation
- Part 4 - Remnux Setup
- Part 5 - Connect both VMs
- Part 1 - Basic Static Analysis - Theory
- Part 2 - Basic Static Analysis - Labs
- Part 3 - Basic Dynamic Analysis - Theory
- Part 4 - Basic Dynamic Analysis - Labs
- Tools Review - Part 1 (FREE PREVIEW)
- Tools Review - Part 2 (FREE PREVIEW)
- Part 1 - Intro to Assembly - Theory
- Part 2 - Intro to Assembly - Lab 1
- Part 3 - Intro to Assembly - Labs 2 and Closing
- Part 1 - Understanding C - Theory (FREE PREVIEW)
- Part 2 - Hello World in C
- Part 3 - 1 - If then else
- Part 3 - 2 - For Loop
- Part 3 - 3 - While Loops
- Part 3 - 4 - Switch Statement
- Part 3 - 5 - Strings and Structs
- Part 3 - 6 - Functions
- Part 3 - 7 - Evasion and Closing (FREE PREVIEW)
- Introduction to MITRE ATT&CK
- Part 1 - Malicious Document and Scripts - Theory and Labs Part 1
- Part 2 - Malicious Document and Scripts Labs Part 2 and Closing
- Part 1 - Process Injection Theory and Labs
- Part 2 - Malware Packing Theory and Labs
- Part 1 - Static Analysis and Unpacking of Initial Sample
- Part 2 - Static Analysis of Unpacked Sample
- Part 3 - Static Analysis in Ghidra - Host Fingerprinting and Hashing
- Part 4 - Static Analysis in Ghidra - Malware Evasion
- Part 5 - Static Analysis in Ghidra - Investigating C2 Communication
- Part 6 - Create MITRE ATT&CK Mapping
- Part 1 - Introduction and Using the PEFile Module
- Part 2 - ASKBot Config Extraction
- Part 3 - REvil Config Extraction
- Part 4 - Download and Extract Samples
- Part 5 - Dump and Extract Configs
- Shellcode Analysis
- Agent Tesla Analysis
- Part 1 - Introduction to YARA
- Part 2 - Creating an Example YARA Rule
- Part 3 - Reporting
- Final Exercise
- Initial Execution (FREE PREVIEW)
- DLL Analysis and Unpacking
- Final Payload Analysis
- C2 Extraction via Python
- Dropper Analysis (FREE PREVIEW)
Requirements
- Windows host with virtualization (VMware or VirtualBox)
- Ability to run FlareVM and Remnux in isolated VMs
- Basic familiarity with Windows and command-line tooling
- Optional: Microsoft Office installed for malicious document labs
- Willingness to work safely with live malware samples
Your Instructor
Ahmed Kasmani
Research Lead (Fortune 500), ex-Microsoft & CrowdStrike
Research Lead focused on malware reverse engineering and security research. Previously at Microsoft and CrowdStrike across Security Research, Security Engineering, and MDR. 15+ years in cybersecurity, with front-line work on incidents such as WannaCry, NotPetya, SolarWinds, and ProxyShell. Committed to making hands-on security training accessible and affordable.