Internet Commerce Security Laboratory (ICSL)

An Introduction to Software Reverse Engineering

This ICSL short course provides expert-led training with personal tuition and gives participants the skills to understand the internal operations of compiled software. Software reverse engineering is used by advanced developers to design new software to interoperate with old programs, and by cyber security analysts to go inside the black box to explore malware capabilities for mitigation purposes.

Overview

Our course provides a 1- to 3-day Introduction to Software Reverse Engineering that can be tailored to the needs of individuals or company teams. The 1-day version of this course uses compiled open-source exercises to allow us to focus on the core skills of software reversing. The 3-day course focuses on reversing malware, handling procedures, defeating packers, defeating custom encryption, and deobfuscating function calls. This course provides an introduction to reverse engineering software on Windows platforms.

Course Highlights

Ethical Requirements: We start with an introduction to the ethical and legal requirements for reverse engineering, and examine situations where well-meaning people have been entangled in legal issues.

Supporting Tools: We provide hands-on training with essential static and dynamic analysis tools. Proficiency with these tools allows reverse engineers to stay focused and to maintain their productivity.

Simplified Architecture: Low-level CPU details and instruction set complexity keep many people from getting started in reverse engineering, and there is a steep learning curve. This course teaches a simplified Intel CPU model and focuses on the most common instructions to allow attendees to become productive quickly, and look up new instructions as needed.

Analysis Tools: Our course focuses on hands-on training with the open-source x64dbg debugger and the Ghidra disassembler/decompiler. Course numbers are kept low to provide personal assistance to overcome difficulties and start reversing.

Practical Exercises: Build new skills with debuggers, disassemblers, and decompilers through practical exercises on stripped open-source programs or with in-the-wild malware samples.

Audience

  • Cybersecurity analysts looking to deepen their understanding of malicious software and compiled program analysis.
  • IT staff seeking to understand the in-depth capabilities of compiled software.
  • Individual enthusiasts who are interested in the inner workings of software.
  • Students and academics in computer science and cybersecurity.

Requirements

This is an advanced-level course that explains the relationship between source code and the compiled program. A knowledge of coding is needed to gain the most from this training.

Attendees need a laptop running Windows 10 or 11, with at least 16 GB of RAM and one gigabyte or more of free storage space. Some corporate laptops are not suitable because whitelisting restricts which software can be installed.

The tools used in the training are publicly available and will be provided on USB storage, or may be downloaded according to preference.

The 1-day training session is based on benign binaries and avoids special handling requirements. The 3-day training course includes malware handling requirements and the use of virtual machines in malware analysis.

Contact Us:

For group bookings and corporate training inquiries, please email Dr Paul Black to discuss tailored training solutions for your team.