Reverse Engineering Training

Reserve here.

When reverse engineering skills become vital for your own or your team's professional development, or your local experts lack the time or skill to run classes themselves, you need a training partner with extensive experience in the field as well as proven training skills.

The wide field of architectures and platforms requires a partner who can adjust to the individual needs of the attendees, in many cases also filling gaps and correcting inaccuracies in existing knowledge. Additionally, the efficient and goal-oriented application of the available tools to the task at hand is key to any well-organized reverse engineering training.

The Reverse Engineering Foundations class focuses on the essential base knowledge of a serious reverse engineer. The five-day training is packed with the details of IA-32/64, instruction decoding, argument referencing, binary analysis methodologies, PC architecture, file formats, APIs and analysis tools. This class has everything for the aspiring reverse engineer, with challenging hands-on sessions and frequent tests of the acquired knowledge.

The REF Training

Limited to 9 attendees per training!

Day 1
  • Background on today’s computer architectures
  • Number systems and representations
  • CPU architectures
  • Instruction bus, data bus, instructions, registers, addressing, program execution, code flow
  • IA-32/64 basics
  • Real Mode and 16Bit
  • Registers, instructions, instruction encoding, memory layout, segments, BIOS, interrupts, x86 boot process
  • Real Mode disassembly and exploitation
  • Protected Mode and 32Bit
  • Motivation, 4-Ring architecture, extended registers, 32/64Bit instructions, memory layout, segment descriptors, paging
Day 2
  • Assembly of program files
  • COM, PE/COFF
  • Program loaders and modules on Windows
  • Manual inspection of program files
  • Methodological basics of Reverse Engineering
  • Instruction decoding
  • Argument referencing
  • Static and dynamic analysis
  • Basics of Win32/64 debug API
  • Functionality, elements of the API, additional elements
  • Basics of the OllyDbg debugger
  • Installation and setup, UI elements, basic functionality
  • Debugging and cracking programs
Day 3
  • Program execution under Win32/64
    • Processes, threads, interprocess communication
  • Introduction to Interactive Disassembler (IDA)
  • Recognition of failures, repair of IDA IDB
  • In-IDB documentation
  • Export for reports
  • Disassemble and document a program
  • Practical training
Day 4
  • Structure of program files under Linux (ELF32)
  • Lesson: Disassembly of an ELF program
  • Introduction to GNU Debugger (GDB)
  • Debugging under Linux
  • Introduction to BinNavi
Day 5
  • Final practical exam

Trainee Tools Required
  • Windows operating system
  • Laptop
  • VMware Player
  • IDA Interactive Disassembler, minimum version 5.0 (free)