Month 7 – Malware Analysis & Reverse Engineering
Build a fully isolated malware analysis lab, perform static and dynamic analysis, and develop foundational reverse‑engineering and detection‑engineering skills.
Overview: What you will accomplish
Month 7 transforms your homelab into a safe, isolated malware analysis environment and builds the foundational skills required for reverse engineering and detection engineering. You will deploy analysis VMs, simulate internet services, perform static and dynamic analysis, and complete a full end‑to‑end malware analysis capstone.
- Deploy a fully isolated malware analysis VLAN and workstation set.
- Perform static analysis: metadata extraction, PE structure, strings, packer detection.
- Perform dynamic analysis: process behavior, network simulation, memory forensics.
- Learn foundational reverse engineering using Ghidra and x64dbg.
- Create detection rules (Sigma, YARA, Suricata) based on real samples.
- Complete a full malware analysis capstone report.
Labs: Week‑by‑week breakdown
Week 25 – Build the Malware Analysis Lab Environment
Create a fully isolated malware VLAN, deploy analysis VMs, configure simulated internet services, and establish telemetry pipelines for Sysmon and Suricata.
Week 26 – Static Analysis Fundamentals
Analyze PE structure, extract strings, identify packers, and create your first YARA rules to understand malware without executing it.
Week 27 – Dynamic Analysis & Behavior Profiling
Execute malware safely, capture behavioral indicators, analyze network traffic, perform memory forensics, and identify evasion techniques.
Week 28 – Reverse Engineering & Capstone Analysis
Use Ghidra and x64dbg to analyze code paths, unpack samples, extract configuration data, and complete a full end‑to‑end malware analysis report.