Reverse Engineering

UNSW graphic yellow


This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days

Delivery mode




Standard price


Defence price


Accelerate your career, learn new skills, and expand your knowledge.

First in Australia for research excellence and impact.

Top 50 in the world. 2020 QS World University Rankings.


In this short course, students learn how malware interacts with the underlying Operating System, how to go about identifying the functionality of malware, and how to perform large scale data analysis of malware. The course is an even mix of set lectures and laboratory work. In the laboratories, students will use tools to apply the concepts of static and dynamic analysis, data analytics, and manual reverse engineering.

Course content

Day 1

Malware Fundamentals

The session starts with an overview of the history of malware, the motivations behind malware attacks and the different types of malware programs. We'll then look at how malware is delivered to the victim and analyse common attacks used to propagate malware.


Malicious Actions, Malware Delivery and Exploitation, Malware C2, Persistence and Evading Detection, Side Channel Attacks and Jumping Airgaps, Reverse Engineering Firmware and Embedded Devices, Interfacing with UART.

Day 2

Reverse Engineering Malicious Code

This session starts with an introduction to object file formats, common properties of object files, recognising object file formats and how malware modifies object files. We'll then discuss the role of the operating system in executing programs, linking and loading processes, and look at machine models and commonalties between Instruction Set Architectures.


Object File Formats – ELF, PE & Java CLASS, Linking and Loading, Object Code and Instruction Set Architectures, Debuggers.

Day 3

Malware Analysis

We'll cover the different types of program representation and basic program analysis techniques including binary, data flow, optimisation, program, static and dynamic analysis. The role of automation and machine learning in the identification and prevention of malware attacks will also be discussed.


Program Representation, Dynamic Analysis, Program Analysis, Binary Program Analysis, Static Reverse Engineering.

Days 4 & 5

Malware Classification & Analysis Labs

The session provides an overview of malware detection and how to identify the origin of outbreaks. We'll cover how statistical machine learning enables us to learn what malicious behaviour looks like and how benign or malicious behaviour is classified.


Program Similarity, Program Classification and Clustering, Malware Obfuscation and Evasion, Code Packing Transformations and Unpacking, Malware Classification Using Weka.

Download the course outline

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • conduct the main approaches to analysing malware, including static and dynamic analysis 
  • conduct malware analysis automation including malware variant detection and malware classification
  • discuss program analysis, including program representation and static program analysis
  • conduct static reverse engineering including the ability to transform disassembly into descriptions of program functionality.

Who should attend

Reverse engineers, malware analysts, anti-malware engineers, tool writers for malware analysis.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.