MalwareTech Labs is a library of reverse engineering challenges that replicate techniques used in real-world malware. Each challenge is designed to provide an immersive malware analysis experience, without the risks of handling live malware.

All samples are custom-written by me, communicate only with a simulated command-and-control server hosted by MalwareTech, and are engineered to avoid exfiltrating sensitive data or modifying files. While every effort has been made to ensure these samples are safe, it is still strongly recommended that you analyze them within a virtual machine.

Strings (3 Labs)

Lab Type: Static Analysis
Platform: Windows 64-bit

Text strings can provide valuable insight into what a piece of code is doing. For this reason, malware will often attempt to conceal or encrypt them. These challenges focus on extracting strings, and are great for beginners.

Command & Control (3 Labs)

Lab Type: Static Analysis
Platform: Windows 64-bit

These labs focus on examples which communicate with a command & control (C2) server and are designed to test your ability to work with opaque infrastructure.

Shellcode (3 Labs)

Lab Type: Static Analysis
Platform: Windows 64-bit

Shellcode is position-independent code which can be run from any location in memory. Whilst shellcode is mostly seen in the context of software exploitation, it's also used by malware to obfuscate and conceal capabilities.

Virtualization (1 Lab)

Lab Type: Static Analysis
Platform: Windows 64-bit

One use of virtual machines is enabling a CPU to run custom code by translating it to native code at runtime. With this, malware can implement its own programming language, obscuring functionality and complicating analysis.

Multistage (1 Lab)

Lab Type: Static Analysis
Platform: Windows 64-bit

Real-world malware infections often happen in stages. Each step of the infection chain is responsible for initializing the next. For these challenges, you'll have to analyze your way through more complex multi-stage malware kill chains.