After this lesson, you will be able to understand what reverse engineering is, why it matters for security, and the strict safety and legal boundaries that apply (no real malware is ever used in these labs).
Reverse engineering is understanding how software works without its source code, a core skill for malware analysis, vulnerability research, and CTFs. This advanced subtrack covers static analysis, disassembly and decompilation with Ghidra, dynamic analysis and safe handling, malware categories, sandboxes, and YARA rules. It assumes you have completed Penetration Testing.
Reverse engineering takes a compiled binary and recovers an understanding of what it does: its logic, its data, its behavior. Security uses it to analyze malware (what does this sample do, how do we detect it), to find vulnerabilities in closed-source software, to verify whether a binary matches its claimed behavior, and to solve CTF challenges. It is the skill that lets you understand software the vendor never documented.
Perform static analysis with basic tools and understand executable formats. Use Ghidra to disassemble and decompile a binary and read its logic. Run a sample safely and observe its behavior dynamically. Recognize malware categories and indicators, read sandbox reports, and write YARA rules to detect patterns. By the end you can analyze a benign binary end to end.