RE//verse 2026 Training - Reverse Engineering Windows Malware: Beyond the Basics with Anuj Soni

Regular price: $4,800.00

This course equips attendees to perform in-depth reverse engineering of Windows malware. You’ll dive into malicious loaders, examine evasion techniques, learn how to identify and reverse algorithms used to hide payloads, and explore the role of encryption in both ransomware and data obfuscation. The course also emphasizes automation, covering techniques for streamlining both dynamic and static analysis using Python, Frida, Binary Ninja, and emulators. Throughout, students will reinforce their skills through hands-on labs. The techniques taught will prepare you to produce meaningful analysis that supports effective detection, clustering, and threat intelligence.

  • TRAINING: March 2-5th, 2026
  • CONFERENCE: March 5th-7th, 2026 (requires separate purchase, begins the evening of the 5th)
  • LOCATION: Caribe Royale, Orlando, FL (discounted group rate link)
  • NOTE: Conference admission purchased separately. Conference tickets can be purchased here.

Prerequisites

Students should have prior experience with Windows malware analysis (x86/x64) and be familiar with Python programming.

Course Topics:

Part 1: Analyzing Multi-stage Malware In-Depth

  • Identifying and extracting embedded payloads (EXEs, DLLs, shellcode)
  • Reverse engineering reflective loaders
  • Static analysis evasion: opaque predicates, control flow flattening
  • API evasion: syscalls, API hashing


Part 2: Cryptographic Techniques in Malware

  • Malware cryptography fundamentals
  • Identifying and understanding algorithm use
  • Encryption in ransomware: protecting keys and encrypting files
  • Data obfuscation: hiding strings, configs, and C2 channels


Part 3: Automating Malware RE Workflows

  • Automating debugging in x64dbg
  • Instrumenting malware behavior with Frida
  • Writing Python for config extraction
  • Automating deobfuscation within Binary Ninja
  • Emulating malware for deobfuscation

System Requirements

  • 64-bit host with Intel or AMD processor (Apple Silicon Macs are not supported)
  • Minimum 8 GB RAM (16 GB or more recommended)
  • At least 60 GB of free disk space
  • Virtualization software (VirtualBox recommended)
  • A 64-bit Windows 10 VM
  • Detailed setup instructions will be provided before the course start date

Trainers

Anuj Soni is a Senior Reverse Engineer at the Johns Hopkins University Applied Physics Laboratory (APL), where he focuses on offensive research and malware analysis. With over 20 years of experience in reverse engineering, malware analysis, incident response, and threat hunting, Anuj has built a career around uncovering how malicious code operates. For more than a decade, he has authored and taught both foundational and advanced malware reverse engineering courses, helping thousands of analysts build practical RE skills. He also shares his knowledge through a growing YouTube channel (youtube.com/@sonianuj). When he’s away from the keyboard, you'll find him working out at the gym, or with his kids - which is also a workout.