The notes kept in this repository are intended to teach you about reverse engineering and malware analysis. The information is gathered from the INE courses for the certification exams "eLearnSecurity Certified Reverse Engineer" and "eLearnSecurity Certified Malware Analyst Professional". The INE courses these notes come from are practice-based courses with dozens of guided exercises that will challenge your mind with hardcore technical topics. These notes aim to consolidate your knowledge of the following:
- Start from the basics up to highly technical chapters
- Learn about IA-32 CPU Architecture
- Learn about functions, stack frames, heaps, exceptions, important Ring3 Windows internal structures, PE file format
- Work with realistic malware samples created to prepare you for real-world samples
- Analyze real-world samples: ransomware, botnets, RATs, etc.
- Explore an entire module dedicated to x64 assembly as a programming crash course
- Dive into the TLS method
- Understand how malware uses Windows APIs to achieve its malicious activity
- Debug samples using different debuggers
- The necessary theory 1: CPU registers
- The necessary theory 2: Processes and threads
- The necessary theory 3: Heaps, handles and exceptions
- The necessary theory 4: Virtual Addresses, Relative Virtual Addresses and offsets
- Introduction to malware analysis: The basics
- Static analysis techniques: Common procedures
- Assembly crash course: Writing and debugging assembly code
- Behavior analysis: Dynamic analysis techniques
- Debugging and disassembly techniques
- Obfuscation techniques