Static Malware Reverse Engineering
RCCE students will learn how to reverse engineer malicious binaries without executing them in order to understand capability, functionality, and likely attacker objectives. They will learn to inspect headers, imports, strings, control flow, embedded resources, suspicious APIs, and packing indicators while documenting the evidence needed by responders and threat intelligence teams. The course covers practical scenarios ranging from binary triage to reverse engineering workflows and defensive reporting. Students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, students learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Static Malware Reverse Engineering
- Execute hands-on tasks for static malware
- Execute hands-on tasks for reverse engineering
- Explain Course Overview fundamentals
- Execute hands-on tasks for "What Is Static Malware Analysis?"
- Execute hands-on tasks for Key Advantages — covering: analyze code and structure at rest; safe, with no risk of infection.
- Execute hands-on tasks for static analysis
- Execute hands-on tasks for dynamic analysis
- Execute hands-on tasks for DOS Header — covering MZ magic bytes (0x5A4D).
- Execute hands-on tasks for Legacy DOS stub program — covering PE Header (COFF), Machine type and.
- Execute hands-on tasks for PE Header (COFF) — covering Machine type and.
- Execute hands-on tasks for Optional Header — covering Entry point address.
- Execute hands-on tasks for Suspicious Sections — covering Non-standard names (UPX0, .packed).
| Module | Topic |
|---|---|
| Module 01 | Static Malware |
| Module 02 | Reverse Engineering |
| Module 03 | Course Overview |
| Module 04 | What Is Static Malware Analysis? |
| Module 05 | Key Advantages |
| Module 06 | Static Analysis |
| Module 07 | Dynamic Analysis |
| Module 08 | DOS Header |
| Module 09 | Legacy DOS stub program |
| Module 10 | PE Header (COFF) |
| Module 11 | Optional Header |
| Module 12 | Suspicious Sections |
| Module 13 | ELF Header |
| Module 14 | Program Headers |
All hands-on labs run on Rocheston Rose X OS. Students practice static malware reverse engineering by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for static malware
- Lab 2: Execute hands-on tasks for reverse engineering
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for "What Is Static Malware Analysis?"
- Lab 5: Execute hands-on tasks for key advantages
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Static Malware Reverse Engineering, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI