Overview
Reverse engineering has evolved from a "dark art" traditionally restricted to the elite few, to a learnable methodology using public and commercial tools. Vulnerability researchers utilize the art to go beyond the reachable depth of traditional fuzzer technology and locate the more obscure finds. Because of advancements in today's malicious code, analysts can no longer rely solely on live-analysis techniques for mapping the internal workings of malware. In general, more and more researchers are finding the need to peek "under the hood". This class is meant to impart cutting-edge understanding of malicious code analysis upon attendees, ultimately taking them to an advanced level of reverse engineering skills applicable to other security domains.
What You Will Learn
This course was designed for students who have an introductory / basic understanding of x86 assembly and reverse engineering as well as more advanced students wishing to refresh their skills and learn new approaches to familiar problems. The course will cover the basics of x86 assembly and pattern recognition, Windows process memory layout, tools of the trade (such as IDA Pro and OllyDbg), the PE file format and basic exploitation methodologies abused by worms to penetrate a target system (stack/heap overflows). As this course is focused on malicious code analysis, students will be given real-world virus samples to reverse engineer. The details of executable packing, obfuscation methods, anti-debugging and anti-disassembling will be revealed and re-enforced with hands-on exercises.
Toward the end of the course more advanced reverse engineering techniques with applications to malicious code analysis will be taught—including:
Course Structure
This is a two-day course where the notion of "rapid response" is taken into consideration with each aspect, focusing on techniques and methodologies that can be applied in a timely and effective manner. We will force you to learn shortcuts and put your mouse to rest. At the completion of this course, students will walk away with applicable real world knowledge that can be directly applied to various reverse engineering related tasks, especially with regards to malicious code analysis.
How the Course is Run
This course is by no means a two-day lecture. Instead, you will be engaged in a number of individual and group hands-on exercises to reinforce and solidify everything that is taught in the class. Some of the exercises are held in a competitive nature, followed by class discussion to pin point elegant approaches and solutions that various individuals or groups may have used. Despite the fact that the course is held in Vegas, take home exercises will be available for the type-A personalities attending the course.
Who Should Attend
If you are interested in the field of reverse engineering, want to learn how to dissect unknown code faster, want to discuss cutting edge technologies, techniques and ideas, or simply want to impress your friends ... then this class is for you.
Learning Environment
Aside from direct class materials, slides and hands-on exercises, students will have many opportunities to engage in one-on-one questions with instructors. Furthermore, students will be divided into groups by experience to foster student-student knowledge transfer as well.
Prerequisites
Prospective students should be comfortable operating Microsoft Windows and have a basic understanding of x86 assembly and high level programming and OS concepts.
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Early:
Ends |
Regular: |
Late/Onsite: |
USD |
USD |
USD |