Reverse Engineering Malware

RevMal
Abstract

Reverse Engineering Malware is a scientifically grounded course focused on the reverse engineering of Windows malware at the binary level. It combines rigorous theoretical foundations (covering compilation, computer architecture, operating system mechanisms, and instruction set architectures) with hands-on reverse engineering practice. Students learn how to analyze compiled programs, reconstruct high-level semantics from low-level code, and understand the techniques used by modern malware to evade analysis. The course emphasizes systematic reasoning, methodological analysis, and a research-driven approach to understanding modern malicious software.

Bibliography

The instructor will provide the necessary study materials.

Requirements

Prerequisites

Programming languages: Python and C

Description

This course provides a practical and structured journey into malware reverse engineering. Starting from software fundamentals, compilation, and computer architecture, students progressively explore operating system internals, executable formats, and the x86 instruction set. The course then focuses on hands-on static and dynamic analysis using industry-grade tools such as Ghidra and x64dbg, culminating in the study of obfuscation, anti-analysis techniques, and real malware behaviors. Emphasis is placed on understanding how malware works, how it hides, and how analysts can systematically uncover its functionality.

Teaching and Learning Methods

Lectures and laboratory sessions

Course Policies

Attendance at laboratory sessions is mandatory

Evaluation

The course includes two individual hands-on laboratory assignments. Each laboratory is graded and contributes 15% to the final grade, for a total of 30%.

The final exam consists of an individual hands-on laboratory exam with additional questions, accounting for the remaining 70% of the final grade.

Learning Outcomes

By the end of the course, students will be able to:

●      Confidently approach binaries with a structured reverse engineering methodology

●      Analyze Windows executables and understand the Portable Executable (PE) format

●      Reason about x86/x64 assembly, calling conventions, and system calls

●      Perform static and dynamic analysis in a grey-box fashion

●      Identify and defeat common obfuscation, packing, and anti-analysis techniques

●      Understand modern malware behaviors and evasion strategies