Reverse Engineering Training

Reserve here.

When reverse engineering skills become vital for your or your team's professional development and your local experts lack the time or skill to run your own classes, a training partner with extensive experience in the field as well as proven training skills is needed.

The wide field of architectures and platforms requires a partner with the ability to adjust to the individual needs of the attendees, in many cases also filling holes and inaccuracies in existing knowledge. Additionally, the efficient and goal oriented application of available tools for the task at hand is key to any well-organized reverse engineering training.

The Reverse Engineering Foundations class focuses on the important base knowledge of a serious reverse engineer. The five day training is packed with the details of IA-32, instruction decoding, argument referencing, binary analysis methodologies, PC architecture, file formats, APIs and analysis tools. This class has everything for the aspiring reverse engineer, with challenging hands on sessions and frequent tests of the acquired knowledge.

What Jan Muenther of the n.runs AG Security Team has to say about the class: The Recurity Labs Reverse Engineering Foundations Training makes a fantastic introduction into the field of binary analysis. Picking up the topic at the very basics and consequently building up practical skills through hands-on session, this is invaluable for everyone who always wanted to know what really happens under the hood. A great basis for further endeavors, highly entertaining, effective and instructive. All n.runs consultants, also those with some prior experience in the field, have profited greatly from their participation in this training. Wholeheartedly recommended!

The REF Training

Limited to 8 attendees per training!

Day 1

• Background on today’s computer architectures
• Number systems and representations
• CPU architectures
• Instruction bus, data bus, instructions, registers, addressing, program execution, code flow
• IA-32 basics
• Real Mode and 16Bit
• Registers, instructions, instruction encoding, memory layout, segments, BIOS, interrupts, x86 boot process
• Real Mode disassembly and exploitation
• Protected Mode and 32Bit
• Motivation, 4-Ring architecture, extended registers, 32Bit instructions, memory layout, segment descriptors, paging

Day 2

• Assembly of program files
• COM, PE/COFF
• Program loaders and modules on Windows
• Manual inspection of program file
• Methodological basics of Reverse Engineering
• Instructions decoding
• Argument referencing
• Static and dynamic analysis
• Basics of Win32 debug API
• Functionality, elements of the API, additional elements
• Basics of debugger OllyDbg
• Installation and setup, UI elements, basic functionality
• Debugging and cracking programs

Day 3

• Program execution under Win32
• Processes, threads, interprocess communication
• Introduction to Interactive Dissassembler (IDA)
• Recognation of failures, repair of IDA IDB
• In-IDB documentation
• Export for reports
• Dissassemble and document a program
• Practical trainings

Day 4

• Structure of program files under Linux (ELF32)
• Lesson: Dissassemble of a ELF program
• Introduction to GNU Debugger (GDB)
• Debugging under Linux
• Introduction to BinNavi

Day 5

• final practical exam

Trainee Tools Required

• Windows XP operating system
• IA-32 based laptop with CD-ROM Drive
• VMWare Player
• IDA Interactive Disassembler, minimum version 4.9 (free)

Dates and Cost

REF Training cost is € 2.500,- (excl. VAT). Reservations must be made until the 05.05.2008.
Reserve here. Attendance is only accepted for fully paid seats.
The training is held at the Recurity Labs office in Berlin, Germany.