MC-12 · Mini-course

Static and dynamic malware analysis: Ghidra, x64dbg, ANY.RUN, YARA rules and report writing.

15 lessons · 3 topics · Advanced · Ghidra + x64dbg

Why this matters right now

450,000 new malware samples appear every day
90% of malware uses obfuscation or packers
$150k+ salary for malware analysts at top companies
Ghidra: NSA's open-source reverse engineering tool

After the course you will be able to

Not abstract knowledge — concrete skills for analyzing real malware

Perform static analysis of a PE file without executing it
Disassemble and decompile malware in Ghidra
Step-debug malicious code in x64dbg
Identify and unpack UPX and other packers
Write YARA rules to detect malware families
Analyze malware network behavior via Wireshark + FakeNet
Run malware in ANY.RUN sandbox and interpret the report
Write a professional malware sample analysis report

Real attacks in the course

Analyzing real malware — WannaCry, Emotet and APT samples

Real case · 2017

WannaCry — kill-switch found in static analysis

Researcher MalwareTech spent 20 minutes in static analysis and found a hardcoded URL — WannaCry's kill-switch. Registering the domain for $10 stopped the global epidemic.

Topic 02 · strings and static analysis

APT · 2020

Emotet — 3 weeks of deobfuscation

Emotet used multi-layer obfuscation: packed → VBA macro → PowerShell → .NET → shellcode. The full analysis chain took the Malwarebytes team 3 weeks.

Topic 03 · x64dbg and dynamic analysis

Success Story · 2023

YARA rule caught a new strain in 6 hours

An analyst wrote a YARA rule based on an old sample analysis. 6 hours later the rule triggered on a new strain of the same family in a corporate network.

Topic 02 · YARA: writing signatures

Course Program

3 topics · 15 lessons: from sandbox to Ghidra and x64dbg

01 · Malware classification
02 · Safe analysis lab environment
03 · Setting up an isolated environment (FlareVM, REMnux)
04 · Initial triage of suspicious files
05 · Sample sources and handling rules

Where this course leads

Malware Analysis — the pinnacle of defensive security careers

$4,000 — $12,000/mo

Malware Analyst

Analyze new malware samples, write YARA rules, create antivirus signatures and publish technical reports.

Ghidra · x64dbg · YARA · Static Analysis
Track: FC-07 → MC-12 → MC-11

$5,000 — $15,000/mo

Reverse Engineer

Reverse-engineer malicious code, research zero-day exploits, work in Threat Intelligence teams at top companies.

Ghidra · IDA Pro · Assembly · Exploit Analysis
Track: MC-12 → FC-07 → FC-10

$3,500 — $8,000/mo

Threat Intelligence

Track APT groups, analyze their TTPs through malware, publish threat reports and help SOC teams set up detection.

Malware Analysis · YARA · CTI · Threat Reports
Track: FC-07 → MC-12 → FC-10

Who this course is for

Malware Analysts

Want to systematically learn analysis methodology — from simple strings to full reverse engineering in Ghidra.

DFIR Specialists

Investigate incidents and need skills for quick triage of malicious samples during investigations.

Blue Team

Want to understand attacker behavior at code level to write more precise detection and YARA rules.

Reverse malware like a researcher today

15 lessons, Ghidra, x64dbg and real WannaCry and Emotet samples. Become a malware analyst.

MC-12 · Mini-course

Malware Analysis Basics

Level: advanced

15 lessons · video + practice
3 topics · by topic
Advanced · difficulty level
Ghidra + x64dbg · primary tools

Static PE analysis without execution
Ghidra decompilation and disassembly
x64dbg step-by-step debugging
YARA rules for malware families