Windows Reversing
Disclaimer
The “malware” in these challenges is not real and is not designed to harm your system in any way; however, it is always a good idea to run any untrusted code in a virtual machine. Some challenges emulate techniques used in real malware, which may cause antivirus detections. Please don’t contact me about antivirus detection as there is nothing I can do about it. **Treat all files as if you were handling real malware.**
Like my content and want to support me?
Patreon subscribers will get exclusive bonuses such as early access to challenges and walkthroughs, behind-the-scenes videos, and a special Discord role.
Introduction
The purpose of these challenges is to familiarize beginners with common malware techniques. Don’t worry if you can’t complete a challenge; I will soon be creating a video explaining each one in detail.
The number of stars represents the challenge difficulty. Different challenges require different skills, so you may find the easier challenges in one category harder than the more difficult ones in another.
Need Help?
If you’re stuck on a challenge or simply want to chat, come and join us in the MalwareTech Discord! The challenge help channel is #challenge-help. Please remember to use spoiler tags to avoid spoiling the challenges for others.
Static Analysis
All challenges are designed to be completed without using a debugger. Your goal should be to complete each challenge without running the exe.
[Hide and Seek] Each exe contains one or more unencrypted flags, and you need to find the correct one without bruteforcing. These challenges are designed as an introduction to reverse engineering.
[Shellcode] Position-independent code (AKA shellcode) is assembly code which can simply be copied to a memory location and run. Because it needs no complex loading or initialization, it is popular for many tasks such as code injection. These challenges are designed to test your ability to reverse engineer malware shellcode.
- shellcode1 – [★☆☆☆☆]
- shellcode2 – [★★☆☆☆]
[De-virtualization] Sometimes malware attempts to hinder reverse engineering by implementing a virtual machine which runs custom bytecode. These challenges are designed to test your ability to reverse engineer & manipulate custom bytecode.
- vm1 – [★★★☆☆]
[Ransomware] The goal of ransomware is to encrypt files; fortunately, ransomware developers often ignore the #1 rule of crypto (never roll your own crypto). As a result, it is sometimes possible to recover encrypted files without paying the ransom. These challenges are designed to test your ability to recover ransomware encrypted data.
- ransomware1 – [★☆☆☆☆]
[Droppers] Malware developers often break their malware up into multiple stages, with the first stage being the dropper. The purpose of a dropper is to install the main malware onto the computer in a way that avoids detection by the antivirus. Droppers can take many forms such as PowerShell scripts, WScript files, VBA Macros, EXEs and more. These challenges will test your ability to reverse engineer droppers and extract the main malware payload.
Dropper1 (JScript) – Early Access for subscribers Only