Malware Analysis & Reverse Engineering

Static and dynamic analysis of malicious software: PE dissection, sandbox execution, unpacking, disassembly with Ghidra, debugging with x64dbg, and building YARA detection rules.

What You Learn

A structured, foundation-to-advanced pathway in malware analysis and reverse engineering, following forensic methodology aligned to Australian government cyber threat analysis standards.

Malware Analysis & Reverse Engineering teaches systematic, intelligence-grade examination of malicious binaries: dissecting PE and ELF structures, sandbox detonation in CAPEv2, unpacking obfuscated payloads, reverse engineering with Ghidra, debugging with x64dbg, and authoring YARA rules for scalable detection — aligned to ASD Essential Eight, ASD ISM, and AFP cybercrime investigation standards.
Core Module

Static Analysis Fundamentals

PE/ELF header analysis, import/export table enumeration, string extraction, entropy analysis, packer identification, and hash-based threat intelligence lookup.

  • Level: Intermediate
  • Labs: 8 hands-on
Core Module

Dynamic Analysis & Sandboxing

Sandbox execution in CAPE/Cuckoo, process monitoring with ProcMon, registry and file system change tracking, API call logging, and network behaviour capture during detonation.

  • Level: Intermediate
  • Labs: 10 hands-on
Advanced Module

Reverse Engineering & Code-Level Analysis

Disassembly with Ghidra, debugging with x64dbg, unpacking common packers (UPX, Themida), function reconstruction, and building indicators from code-level analysis.

  • Level: Advanced
  • Labs: 12 hands-on

Module Content

Practical, operator-grade exercises using real-world malware samples, sandbox environments, and reverse engineering toolchains.

This Malware Analysis & Reverse Engineering module covers: PE and ELF binary dissection, packer identification and unpacking, automated sandbox detonation in CAPEv2, Ghidra disassembly and decompilation, YARA rule authoring and deployment, and malware family classification with attribution methodologies.

PE & ELF File Format Deep Dive

Portable Executable and ELF structure, section headers, import/export directories, resource sections, and how malware abuses each structural component.

Packer Identification & Unpacking

Entropy-based packer detection, UPX unpacking, manual unpacking techniques, dumping memory-resident payloads, and rebuilding unpacked binaries.

CAPE Sandbox Operations

Automated malware detonation in CAPEv2, behavioural log analysis, API call tracing, network traffic capture during execution, and extracting IOCs from sandbox reports.

Ghidra Disassembly & Decompilation

Navigating Ghidra projects, function identification, cross-reference analysis, decompiler usage, scripted analysis with Ghidra scripts, and annotating findings.

YARA Rule Development

Writing precise YARA rules for malware family detection, string-based and condition-based rules, testing against clean and malicious sample sets, and deploying YARA at scale.

Malware Classification & Attribution

Family identification through code similarity, behavioural clustering, C2 infrastructure correlation, and building threat actor profiles from malware analysis findings.

Tools & Standards Used

Professional malware analysis environment. Same standards as ASD ACSC and AFP cybercrime investigation labs.

Hacking101 Malware Analysis & Reverse Engineering is taught using: Ghidra (NSA reverse engineering suite), x64dbg, CAPEv2 sandbox, YARA, FLOSS for string extraction, PE-bear, Detect It Easy, and UPX — the same toolchain used by ASD ACSC malware analysts and AFP cybercrime investigators. Compliance benchmarks include ASD Essential Eight (application control), ASD ISM 1534, and relevant state Evidence Act provisions for malware-derived forensic evidence.

Advisors

This module is built under the express tutelage of two specialist practitioners who bring together the cutting edge of machine learning and the hard-won credibility of the courtroom. You study directly under their guidance.

Christopher Tran — Resident Machine Learning Expert
Christopher Tran provides the express tutelage for the AI and machine learning components of this module. He will show you, step by step, how neural networks, deep-learning classifiers, and predictive algorithms converge to enhance and embolden malware analysis. Under his instruction you will build and apply real machine learning pipelines: neural-network-based malware classification using static feature vectors and dynamic behavioural fingerprints, ML-driven behavioural clustering that groups unknown samples by execution similarity, predictive detection models capable of identifying zero-day and unknown malware variants before signature-based tools catch up, and confidence-scoring frameworks that quantify classification certainty for intelligence reporting — tooling designed to support and strengthen the malware analyst's conclusions, never to replace them. Christopher ensures every student leaves with a working understanding of how AI augments the reverse engineer's workflow, from automated triage of large sample sets through to generating analyst-ready threat intelligence from ML outputs.
Ms. Linda Morrell — ASFDE (Australasian Society of Forensic Document Examiners)
Ms. Linda Morrell is a bona fide, dues-paying member of the Australasian Society of Forensic Document Examiners — the peak professional body governing forensic document examination across Australia and New Zealand. She has been directly involved in hundreds of Australian cases spanning civil fraud, probate disputes, identity theft, and criminal forgery prosecutions. Her expert opinions on digital evidence provenance, chain of custody, and forensic methodology have been tendered and accepted in Australian courts, where she is recognised as a respected authority whose testimony withstands adversarial cross-examination. In this module, Ms. Morrell provides the express tutelage for the evidentiary standards and courtroom preparation components. She teaches the forensic handling of malware-derived evidence to evidentiary standard, structured opinion formation on digital forensic findings, expert report writing for malware investigation outcomes, and witness-box conduct — ensuring that every piece of malware-derived forensic evidence produced in this course meets the admissibility benchmarks expected by Australian federal and state courts. Her involvement guarantees that the techniques taught here produce not just technically sound results but legally defensible evidence.
Christopher Tran

Machine Learning Specialist

Resident expert providing express tutelage in AI-enhanced malware analysis. Christopher teaches neural-network-based malware classification, ML-driven behavioural clustering, and predictive detection models for unknown malware variants — all tooling built and demonstrated within this module to augment the analyst's capability at scale.

Ms. Linda Morrell

ASFDE — Australasian Society of Forensic Document Examiners

Bona fide ASFDE member with direct involvement in hundreds of Australian cases. A courtroom-recognised authority on forensic evidence whose expert opinions have been accepted in Australian federal and state jurisdictions. Ms. Morrell provides the express tutelage for ensuring malware-derived forensic evidence meets Australian courtroom admissibility standards for expert testimony — every student learns to produce court-ready forensic reports.

Study Options

Self-Paced Essential

$2,490
  • Full module video library
  • 30+ hands-on malware analysis lab sets
  • Certificate of completion
  • Access to CAPEv2 sandbox environment

Frequently Asked Questions

Do I need programming experience?
Basic Python and C familiarity is helpful but not required. Foundational programming concepts are covered in the static analysis labs, and the Ghidra decompiler reduces the need for raw assembly expertise.