$ ./start-academy --mode training
> From zero to confident analyst. Structured paths, real samples, safety-first methodology. No live malware on your host. Ever.
$ ls ./modules/
Available Training Modules
// Each module contains lessons, exercises, and real sample references
> Static Analysis
Dissect PE headers, extract strings, identify packing, and map imports without executing a single instruction.
> Dynamic Analysis
Observe runtime behavior in sandboxed VMs using Procmon, Wireshark, and FakeNet-NG to capture IOCs.
> Reverse Engineering
Navigate Ghidra decompilation, trace API call chains, and reconstruct malware capabilities from assembly.
> Detection Engineering
Write YARA rules from byte patterns, build Sigma detections for Sysmon events, and validate against samples.
> Incident Response
Build behavioral timelines, prioritize containment actions, and produce actionable analyst reports.
> Threat Intelligence
Map findings to MITRE ATT&CK, extract C2 infrastructure patterns, and contextualize campaigns.
$ tree ./paths/
Progress from fundamentals through advanced specializations at your own pace.
├── Core Foundations
├── Windows Internals
├── Reverse Engineering
├── Detection & Response
├── Capstone Labs
└── Document & Script Analysis
$ cat reviews.log
“The structured paths took me from barely understanding PE headers to confidently triaging samples in our SOC. The safety-first approach meant I never had to worry about accidentally detonating anything on my host.”
Sarah K.
SOC Analyst, L2
“I came from sysadmin work with zero reversing experience. The Ghidra modules broke down what felt impossibly complex into approachable steps. Landed my first DFIR role three months after completing Path C.”
Marcus T.
Career Changer
“We onboarded four junior analysts through the platform. The composite scoring gave us real visibility into their progress, and the exercise format mirrors actual casework better than any CTF.”
Dr. Lin W.
Security Team Lead