RE//verse 2026 Training - Advanced Linux Malware Reverse Engineering with Marion Marschalek

Regular price: $4,800.00

This fast-paced 4-day course familiarizes students with reverse engineering Linux malware, starting with a dense walkthrough of Linux OS internals and Linux binary analysis techniques before jumping right in with common Linux malware. We'll quickly work our way to advanced samples, targeted malware, Linux software protection techniques and packers. We will cover Go, Rust, and C++ malware samples, and explore recent rootkits targeting Linux.

Students will walk away with a deep understanding of Linux binary analysis techniques and knowledge of the Linux threat landscape, able to dissect advanced Linux malware in their day-to-day operations.

  • TRAINING: March 2-5th, 2026
  • CONFERENCE: March 5th-7th, 2026 (requires separate purchase, begins the evening of the 5th)
  • LOCATION: Caribe Royale, Orlando, FL (discounted group rate available)
  • NOTE: Conference admission is purchased separately.

Description

Day 1

  • Familiarization with the analysis environment using introductory malware
  • Linux-specific reverse engineering concepts, Linux OS internals and the ELF file format
  • Compiling, linking, loading, process execution
  • Practice learned skills on a selection of DDoS bots, bitcoin miners, and ransomware, the Linux most-wanted

Day 2

  • Dynamic analysis of malicious software on Linux, tool internals and techniques
  • C++ reverse engineering with Linux malware examples from real-world attacks
  • Go and Rust reverse engineering of Linux malware, such as the Luna and BlackCat ransomware

Day 3

  • Linux analysis evasion tricks, packers, process injection techniques
  • Hands-on unpacking and evasive sample analysis
  • Linux rootkits and eBPF-based malware such as Diamorphine, Phalanx2, and Symbiote

Day 4

  • Targeted Linux malware samples, cases like Turla and BVP47
  • Advanced analysis automation techniques using eBPF and Frida
  • Free exercise time with exercises of various difficulty levels

Key Learning Objectives

  • Proficiency in Linux binary analysis
  • Understanding Linux malware in depth
  • Learning Linux analysis evasion techniques
  • Advanced analysis techniques, static and dynamic

Class Requirements

Basic or intermediate prior knowledge of x86-64 reverse engineering is required. I will do my best to meet students where they are at regardless. The analysis environment must be set up before the class. A laptop with an Intel chip, a minimum of 30GB of free disk space, VirtualBox virtualization software and permissions to install software on the system are required.

Trainers

Marion Marschalek is an independent security researcher with over 15 years of experience in the security industry, with a primary focus on reverse engineering and a background in malware research and detection, incident response, microarchitecture security and cloud security engineering. She has held positions at Intel, AWS and various threat detection companies, and has published ample research over the years, presenting at conferences like BlackHat, HITB, RSA and REcon. In 2015 Marion founded BlackHoodie, a series of hacker bootcamps which successfully attracts more women to the security industry.