5-Day Instructor-Led Programme
The XMRE Certification Programme is the practitioner standard for malware analysts and reverse engineers who dissect, understand, and extract intelligence from malicious software across Windows, Linux, and cross-platform malware families. Assessed on Day 6 through a supervised malware analysis and reverse engineering exercise producing a threat intelligence report — no multiple choice, no exam.
Duration: 5 Days
Price: $5,620
Malware is the instrument of almost every significant cyber attack. Understanding it — how it achieves persistence, evades detection, communicates with C2 infrastructure, and spreads — is one of the most powerful capabilities a security professional can develop. But malware reverse engineering is a craft skill that no exam can assess. You either understand the code or you do not. XMRE is built for analysts who want to genuinely understand malware, not just identify it.
Across six instructor-led days, participants build capability from first principles of assembly language and file format understanding through static analysis using disassemblers and decompilers, dynamic analysis in controlled sandbox environments, advanced obfuscation recognition and unpacking, network traffic analysis for malware communications, and structured threat intelligence extraction. Every session uses real malware samples from current threat actor campaigns, in isolated, authorised laboratory environments.
On Day 6, participants receive an unknown malware sample. They conduct static and dynamic analysis, identify the malware family and capabilities, map techniques to MITRE ATT&CK, extract IOCs, and produce a professional threat intelligence report. A senior practitioner reviews the analysis methodology and report quality. The XMRE certificate and Practitioner Assessment Report are issued together. The programme is aligned with MITRE ATT&CK v14, MITRE ATLAS (for AI-enabled malware), NIST SP 800-61, and CISA malware analysis guidance.
Hands-on static analysis with Ghidra, IDA Free, and Binary Ninja, dynamic analysis in FlareVM/REMnux, malware unpacking and deobfuscation, C2 traffic analysis, and a supervised analysis exercise on Day 6 using real malware samples.
Mentor-led sessions examining real malware families (ransomware, RATs, info-stealers, rootkits) from current threat actor campaigns, guided by a practitioner who has analysed production malware in real incident contexts.
Conduct structured malware analysis and reverse engineering engagements, extract indicators of compromise and threat intelligence, and produce professional malware analysis reports aligned to MITRE ATT&CK.
Conduct structured static malware analysis using Ghidra, IDA Free, and associated tooling to identify malware capabilities and obfuscation techniques
Execute controlled dynamic analysis using process monitoring, debuggers, and network simulation to capture malware behaviour in safe environments
Unpack and deobfuscate malware samples using manual and automated methodology to expose encrypted payloads and configurations
Analyse C2 communication protocols and map malware network behaviour to infrastructure for attribution and detection
Develop YARA detection rules from malware analysis findings and map identified techniques to MITRE ATT&CK v14
Produce professional malware analysis and threat intelligence reports that inform SOC detection engineering and incident response operations
Minimum 12 months in a SOC, DFIR, or security engineering role with exposure to malware or threat analysis
Basic understanding of Windows and Linux operating systems, file systems, and networking fundamentals
Familiarity with at least one scripting language: Python or PowerShell for automation of analysis tasks
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of Xcademia Malware Reverse Engineering Practitioner, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
SANS FOR610 is a 6-day course costing approximately $8,780, followed by a $999 GREM written exam. XMRE is 6 instructor-led days ending in a supervised malware analysis exercise on Day 6 where participants analyse a real (isolated) malware sample and produce a professional threat intelligence report. The Practitioner Assessment Report documents what was analysed and how — not a written exam score. Less than half the total GREM cost.