Malware Analysis
Dissect real malware safely. Static and dynamic analysis, reverse engineering fundamentals, and behavioural detection — the skills behind modern threat intelligence and incident response.
Malware Analysis is a 38-hour program that teaches you to dissect malicious software safely and systematically. It is a specialised, high-value skill that underpins modern threat intelligence, advanced incident response, and detection engineering.
Who this course is for
It suits incident responders, SOC analysts, and security engineers who want to understand threats at a deeper level. Comfort with operating system internals and some programming or scripting experience will help you get the most from it.
What you will be able to do
You will set up a safe analysis lab, perform static analysis to understand a sample without running it, conduct dynamic analysis to observe behaviour at runtime, apply reverse-engineering fundamentals to understand how malware works, and extract the indicators of compromise that feed detection and threat intelligence.
How it is taught
You work with real (safely contained) malware samples in an isolated lab, building the disciplined, careful methodology that safe analysis demands. The curriculum aligns with the GREM certification and emphasises practical, repeatable technique over theory.
You leave able to analyse unknown samples, produce actionable intelligence, and strengthen your organisation’s detection and response.
Curriculum
Building a safe analysis lab
Isolated environments for handling malware without risk.
Static analysis
Examining a sample without executing it; file structure and indicators.
Dynamic analysis
Observing behaviour at runtime in a controlled sandbox.
Reverse engineering fundamentals
Reading disassembly to understand how malware operates.
Behavioural detection & IOCs
Extracting indicators of compromise and building detections.
Frequently asked questions
Is it safe to analyse real malware?
Yes, when done correctly. A core part of the course is building and using an isolated lab so samples can be analysed without any risk to your systems or network.
Do I need to know assembly language?
Not beforehand. The course introduces the reverse-engineering fundamentals you need, though prior programming experience makes the learning curve gentler.