This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 1 of REMA
Foundational concepts: malware taxonomy, analysis approaches, reverse engineering basics, x86 architecture, assembly language, and debugging methodology.
A foundational introduction to malware analysis: what malware is, why analysing it matters, and the structured approach analysts follow when reading the story a binary tells.
A systematic reference covering all eighteen malware categories with real-world examples, detection methods, and the three-question triage framework for rapid classification.
How malware rewrites itself to break signature detection — oligomorphic stub rotation, polymorphic mutation engines, and metamorphic full binary rewriting — with detection strategies for each.
Three landmark incidents — Stuxnet (2010), Colonial Pipeline (2021), and REvil/Kaseya (2021) — analysed for their technical mechanisms, failure points, and lasting lessons for defenders.
The three analysis approaches — basic static, basic dynamic, and automated sandbox — each answering a progressively deeper question with different tools and trade-offs.
What reverse engineering is, why it matters beyond dynamic analysis, how the compilation pipeline works in reverse, and how to extract actionable IOCs from four lines of assembly.
The Intel x86 architecture from an analyst perspective: Von Neumann model, CISC design, fetch-decode-execute cycle, eight general-purpose registers, EFLAGS, and little-endian byte ordering.
Intel syntax, the three operand types, the twenty most common x86 instructions, the function prologue and epilogue, and the stack frame layout analysts read daily in a debugger.
The legal framework for reverse engineering malware in India, the US, and the EU — the core legal distinction, lawful acquisition practices, and responsible disclosure.
IDA Pro vs Ghidra for disassembly, x64dbg vs OllyDbg for debugging, supporting static analysis tools, and practical selection guidance for building a free analysis stack.
Controlled execution in a debugger — the four stepping modes, three breakpoint types, exception handling, and execution modification techniques for bypassing anti-debugging.
Test your understanding of all Unit 1 topics — malware taxonomy, evasion techniques, analysis approaches, x86 architecture, assembly fundamentals, and debugging concepts — with 20 multiple-choice questions. A certificate is issued on your first passing attempt.