InfoSec Institue's Reverse Engineering Boot Camp is a 5 day accelerated, in-depth course that is structured to teach students how to become a prefessional reverse engineer.
In this 5 day hands-on course, you will gain the necessary binary analysis skills to discover the true nature of any Windows binary. You will learn how to recognize the high level language constructs (such as branching statements, looping functions and network socket code) critical to performing a thorough and professional reverse engineering analysis of a binary. After learning these important introductory skills, you will advance to the analysis of:
* Hostile Code & Malware, including: Worms, Viruses, Trojans, Rootkits and Bots.
* Vulnerabilities in Binaries, including: Format string vulnerabilities, buffer overflow conditions, and the identification of flawed cryptographic schemes
* Binary obfuscation schemes, used by: Hackers, Trojan writers and copy protection algorithms
InfoSec Institute will train you on the standard reverse engineering programs IDA Pro, Ollydbg, and Softice. You will also learn how to use various hex editors, binary analysis programs, and code coverage analyzers.
Reverse Engineering is a critical skill. Many incident response situations and computer forensics investigations cannot be completed accurately or thoroughly without understanding the runtime nature of a binary. Hackers increasingly use customized trojans that are not detected by antivirus which can only be analyzed and traced back to the original attacker via reverse engineering. Additionally, many binary programs contain vulnerabilities, such as buffer overflows and the use of very weak cryptographic algorithms. The only way to discover these critical vulnerabilities for closed-source programs is to reverse engineer them. Reverse engineering is also required in order to understand complex binary obfuscation schemes used by copy protection vendors, as well as obfuscation put in place by commercial software vendors.
Certified Reverse Engineering Analyst: In any hands on reverse engineer training course, it is important to have the opportunity to prove to current or potential employers that you have the skills you say you do. This course prepares you for the top reverse engineering certification in the industry, the CREA. The exam is given on-site, InfoSec Institute has achieved a 93% pass rate for this certification.
How You Benefit:
1. Gain the in-demand career skills of a reverse engineer. Very few information security professionals, incident response analysts and vulnerability researchers have the ability to reverse binaries efficiently. You will undoubtedly be at the top of your professional field.
2. Learn the methodologies, tools, and manual reversing techniques used real world situations in our reversing lab.
3. Move beyond automated "input and output" testing of binaries, commonly used by fuzzers and other analysis tools.
4. More than interesting theories and lecture, get your hands dirty in our dedicated reversing lab in this security training course.
Duration: 5 Days
Day 1: Introduction to Reverse Engineering
Day 1 focuses on the fundamental knowledge required for reverse engineering. This day is designed to build critical skills required to proceed further into deeper discussions on reversing. You will also train on special purpose reversing debuggers and disassemblers.
• Foundations of Reversing
• The Reversing Process
• Program Structure
• Common Code Constructs
• Indentifying Variables & Lists
• Low level data management - Stacks, Heaps and Data sections
• Compiler representations
• Kernel vs. User memory
• Virtual Memory and Paging
• Reversing threaded applications
• Defining the Win32 API Win32 executable formats and image sections
• Discovering undocumented APIs in ntdll.dll
• Fundamentals of IDA Pro
Day 2: Reverse Engineering
Day 2 encompasses a deep discussion with hands-on content for reversing Windows binaries. Key concepts such as identifying code paths, control functions and developing a general understanding of the code to be analyzed is covered.
• Reversing file formats
• Reversing encrypted file formats
• Understanding conditional branching statements
• Virtual machines and bytecode
• System vs. Code Level reversing
• Identifying variables
• Compilers and branch prediction
• Memory management
• Advanced uses of IDA Pro
• Using Ollydbg for runtime analysis
• Kernel mode debugging with SoftICE
Day 3: Reverse Engineering - Malware
Detailed coverage on reverse engineering malware. Focus is on live malware reversing using examples of viruses, Trojans and rootkits collected from the wild.
• Using Ollydbg for runtime analysis of malware
• Kernel mode debugging with SoftICE
• Dumping executables from memory with Dumpbin
• Obfuscation of file formats
• Understanding hashing functions
• Working with encrypted binaries
• Reversing UPX and other compression types
• Reversing a Trojan backdoor
• Understanding network communications
Day 4: Reverse Engineering - Anti-reversing techniques
Day 4 works with various anti-reversing techniques that software developers and malware writers put in place to make reverse engineering more difficult.
• Basic anti-reversing strategies
• Symbol elimination
• IsDebuggerPresent API
• Single Step Interrupt Detection
• Softice Backdoor
• Exploits for IDA Pro
• IDA Pro obfuscation
• Code flow transformations
• Opaque Predicates
• Interleaving Code
• Restructuring Arrays
• Encoding variables
• Recursive traversal dissasemblers
• Reversing .NET bytecode
• Legal issues and the DMCA
• CREA review
Day 5: Binary Diffing & CREA Exam
• Using IDA to diff binaries
• Manual patch investigation
• Manual patch diffing
• Building fuzzers
• Using pei-mei
• Using other code coverage tools
• Protocol reversing
CREA Exam given on-site in the afternoon
Students with an I.T. background; having a low-level programming background is helpful but not required.