Where do I start...?
Getting started learning a new skill or concept can be daunting, especially with such large and complex topics as malware analysis and reverse engineering. Don't worry - this page will help you get started! Below I've organized resources that will help get you started learning malware analysis and reverse engineering. If you're not sure where to start, start at the beginning! If you have some experience, please feel free to skip ahead. Please note that I will favor resources I've created or are familiar with. This doesn't mean that there aren't better resources out there for you though - everyone learns differently and my style may not always work the best for you. If you have any questions, don't hesiate to join the Discord and ask away - there is a channel dedicated to helping you get started there as well.
Building A Lab Environment
Before you start learning, you'll want to have a lab environment. Most of the content I teach is centered around Windows, but I often use a variety of resources to help. Using virtualization software is a common practice and where I spend most of my time performing analysis or even writing code... VirtualBox and VMWare are both popular options. VirtualBox is open-source while VMWare provides a non-commercial option. If you're not sure where to start, try them both out. Once you have virtualization software installed, proceed to check-out the following distributions to help you get a purpose-built VM.
FLARE-VM
The FLARE-VM, maintained by the FLARE team at Google, is designed to provide you with the vast majority of tools you need for reverse engineering and malware analysis. Unlike popular Linux distributions, the FLARE-VM is not a ready to go VM that you download. Instead, you have to run installation scripts to build out an existing VM. Instructions can be found on the project's Github page, as well as links to find a Windows 10 ISO to get started from.
REMnux
REMnux is another popular MA/RE VM. It's built off of Linux and provides another ready to-go environment for analysis. Since this distro uses Linux, you can download an OVA ready to import directly into your virtualization software. I typically have at least two VMs for analysis - a FLARE-VM and a REMnux VM.
Kali
Kali is another popular Linux-based distribution. While it's geared more for red team operations, it contains many useful tools. I find myself using it from time to time so it's handy to have around. However, if you already have a FLARE-VM and REMnux you could probably queue this one up to explore later.
Building Core Skills
Whether you want to learn advanced malware analysis skills, become a penetration tester, or do vulnerability research - learning to reverse engineer will help you develop a solid foundation. Where you want to end up determines where you start, but you'll find many of the low-level skills and concepts you pick up here to translate well to a wide variety of technologies and use-cases.
FREE Resources
Assembly
Learning low-level concepts such as CPU design and architecture are a must and in my opinion, learning assembly is a great way to do that. Plus, when it comes to reverse engineering you are often times looking at this low-level representation of machine code (i.e. binary). This series will cover many essential topics to help you understand assembly. It also walks you through setting up a lab environment so you can practice creating your own small assembly programs to help make the learning more concrete.
Playlist on YouTube
C
Learning at least some C is a must and this playlist will cover what you need to know. The C language is often considered the cornerstone of reverse engineering. This powerful language unlocks the secrets of how systems truly function, giving you the low-level expertise to analyze malware.. C's simplicity and close-to-hardware nature provide an unparalleled foundation for understanding compiled code, making it an essential skill for anyone serious about cybersecurity and software exploration
Playlist on YouTube
Reverse
Engineering
Once you have basic assembly and/or C knowledge, I suggest start looking at the world through the lens of reverse engineering. Many RE courses begin with an assembly refresher, so if you already know some ASM/C you could start here to see how you do - don't worry, if you're feeling a bit rusty yuo can always go back and refresh.
Playlist on YouTube
PAID Resources
Assembly
This is a 90 minute crash-course in x86 assembly - so whether you're looking to get started or need a refresher, this is a great place to start. This course provides instructions on how to create a sample binaries to follow along and takes a unique approach by combining both C and assembly in one course! You'll use sample C programs to disassemble with IDA Pro to not only learn basic assembly, but also how to use this venerable disassembler and decompiler.
Course on Pluralsight
Getting Started with RE
This nearly 4 hour course covers everything from assembly basics to using debuggers and performing reverse engineering. There are several hands-on labs to help you practice the skills you are learning. This is a great course to introduce you to all the essential tools, topics, and tricks to get started learning reverse engineering!
Course on Pluralsight
IDA Pro
Basics
When reverse engineering, a significant amount of time is spent analyzing disassembled or decompiled code, and no other tool is as widely known for this task as IDA Pro. First, you’ll explore IDA’s core functionality and common use cases for cyber security professionals. Next, you’ll discover how IDA handles a variety of executable file formats and processor architectures. Finally, you’ll get hands-on with IDA Pro to explore key user interface components and see the decompiler in action.
Course on Pluralsight
Ghidra
Basics
To become effective at reverse engineering, you have to know how to utilize tools designed to disassemble and decompile code. First, you’ll explore Ghidra’s core functionality and common use cases by security professionals. Next, you’ll discover what Ghidra can, and can’t do. Finally, you’ll get hands-on with Ghidra and explore its primary features and essential navigation. When you’re finished with this course, you’ll have the skills and knowledge of Ghidra needed to start learning this essential tool.
