This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.8 of Fundamentals of Malware Analysis
ASLR, DEP, and stack canaries — the mechanism behind each mitigation, entropy levels by architecture, bypass techniques (ROP chains, info leaks), and why analysts need to recognise these patterns.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quick Bite
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
MITRE ATT&CK — Exploitation for Client Execution (T1203)
ATT&CK technique covering exploitation of software vulnerabilities including mitigation bypass techniques used in the wild.
checksec — Verify Binary Mitigations
Script that checks which mitigations (ASLR, DEP, stack canary, PIE) are enabled in a binary. Run on any PE to assess hardening.
ROPgadget — ROP Chain Builder
Automated tool that finds ROP gadgets in binaries. Run against loaded DLLs to understand how ROP bypasses DEP in practice.
Quadrant 4 · Self-Assessment
Fundamentals of Malware Analysis
Covers the analysis environment, PE file structure, static property examination, behavioural analysis, and dynamic code analysis of Windows executables.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.