Skip to main content

CYBR 681 Malware Analysis and Reverse Engineering

The ubiquitous nature of Internet of Everything (IoE) and the prevalence of computing technologies in critical infrastructure sectors have brought an unprecedented digital transformation to individuals, businesses, and industries. On the other hand, the IoE has also enabled the increased spread of malicious software (malware). Malware attacks are increasing exponentially over time with total number of known malware surpassed one billion. As a result, the ability to detect, analyze, understand, control, and eradicate malware derive threat intelligence, helps provide timely response to security incidents, fortify defenses, and is essential to nation¿s economic vitality and security. This course introduces malware analysis and reverse engineering techniques which will allow students to recognize, analyze and remediate infections. Using modern tools and procedures the student will understand how to dissect and reverse engineered a malware to understand its behavior, propagation, persistency, and other associated characteristics. Upon completion of the course, the students will have the reverse engineering skills necessary to understand, dissect and analyze malware.


Special information

First day attendance is mandatory.
Prerequisites: Graduate standing. Note: Students are responsible to both be aware of and abide by prerequisites for CYBR courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
4 Graduate credits

Effective May 6, 2020 to present

Learning outcomes


  • Recognize and understand the characteristics of various malware, motivations of creators, and impacts on recipients
  • Describe the manner that malware propagates, becomes resident and executes.
  • Analyze how malware interacts with any associated networks, identifying the type of information being targeted.
  • Demonstrate the ability to use various tools and techniques to safely perform static and dynamic analysis of software (or malware) of potentially unknown origin, including obfuscated malware, to fully understand the software's functionality.
  • Apply testing methodologies to build test cases that demonstrate the existence of vulnerabilities in software (or malware).
  • Recognize and understand the anti-disassembly, anti-debugging, and anti-VM techniques that are incorporated by the attacker to impede the analysis and reversing of malware.
  • Formulate Indicators of Compromise (IoCs) from malware samples to aid in threat intelligence efforts.
  • Demonstrate ethical behavior appropriate to security-related technologies.

Spring 2024

Section Title Instructor books eservices
50 Malware Analysis and Reverse Engineering Coston, Ian Books for CYBR-681-50 Spring 2024 Course details for CYBR-681-50 Spring 2024