Reverse Engineering

In this 5-day zero-to-hero course, students walk through the basic theory and practice of reverse engineering. We'll look at OS design, assembly, object file formats, and program analysis techniques. Students will use a variety of tools including Volatility, pwntools, and Ghidra.

Course Objectives

To be able to practice the basic skills in reverse engineering.

Duration and Schedule

5 Days, 9am – 5pm

Training Outcomes

  • Demonstrate understanding of Operating Systems
  • Demonstrate understanding of x86 32-bit and 64-bit assembly code
  • Demonstrate understanding of ELF binary rewriting and program patching
  • Demonstrate understanding of manual and automated program analysis

Who Should Attend?

  • Developers
  • IT Professionals
  • Embedded Developers
  • Malware Analysts
  • DFIR Staff
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • and anyone interested

About the Trainer

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years, including time in Silicon Valley in the USA, in France, and in Australia. He has worked commercially in both defensive and offensive engineering roles and has reported hundreds of software bugs and vulnerabilities in operating system kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra, Australia's largest cyber security conference. He has a Ph.D. from Deakin University, has published within industry and academia, is a 4-time Black Hat speaker, has been through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).

What to Bring to Face-to-Face Training?

  • All materials are provided by InfoSect

What Will be Provided in Face-to-Face Training?

  • Laptops for class use
  • 900 page coil bound lecture materials
  • Catering
  • Access to VMs with laboratories
  • InfoSect Swag

What will be Provided in Live, Interactive, Online Training?

  • Lecture notes in PDF
  • Lab guides in PDF
  • Access to VMs with laboratories
  • InfoSect Swag (for Australian shipping only)

Participant Skillset

Students taking Reverse Engineering should have an intermediate programming background. They should have hands-on experience in:

  • C programming
  • Linux
  • Simple Python scripting

Class Syllabus
Day 1 (OS Design)
Lectures

  • Introduction to the Training
  • Overview of Reverse Engineering
  • The Computing Landscape
  • Targets
  • OS Design
  • Device Drivers
  • The Kernel Interface
  • Filesystems
  • Process Management
  • Memory Management
  • Applications
  • Networking

Labs

  • Filesystems
  • Live Memory Forensics (Volatility)
  • Software Applications

Day 2 (x86 Assembly Code)
Lectures

  • History of x86
  • Development in x86 Assembly Language
  • Basic x86 Assembly Language
  • x86 Control Flow Instructions
  • Conditions in x86
  • Iteration in x86
  • x86 Stack Instructions
  • Functions in x86
  • Linux x86 and x64 System Calls
  • Shellcoding
  • x86 Linux Shellcoding
  • x64 Shellcoding

Labs

  • x86 Assembly Coding

Day 3 (Object File Formats)
Lectures

  • Introduction to Object File Formats
  • Introduction to ELF
  • Manipulating ELF Executables
  • The GOT and PLT
  • ASLR and Position Independent Executables
  • ELF Code Injection
  • Introduction to PE

Labs

  • ELF Rewriting and Program Patching

Day 4 (Program Analysis)
Lectures

  • Overview of Analysis
  • Mathematical Representations
  • Program Representation
  • Dynamic Analysis
  • Static Program Analysis
  • SMT Solving
  • Symbolic Execution
  • Binary Analysis
  • Program Similarity
  • Program Classification

Labs

  • Ghidra
  • Vulnerability Research in Binaries
  • Coccinelle

Day 5 (Recipes)
Lectures and Labs

  • Identifying File Types
  • Embedded Strings, Files, and Data
  • Recover Encoded Data
  • Identify Object File Manipulation
  • Identify Command Line Options
  • Identify Environment Variables
  • Identify Functionality with Decompilation
  • Execute Hidden Functionality
  • Dump Plaintext in Memory
  • Show Plaintext in a Library or System Call
  • Changing a Library Function with LD_PRELOAD
  • Disabling Code with a Debugger
  • Permanently Disabling Code
  • Changing the Return Value of a Function
  • Decompile and Recompile
  • Use Symbolic Execution on a Binary
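As an added illustration of the kind of work the Day 3 ELF material and the Day 5 recipes (Identifying File Types; Embedded Strings, Files, and Data) involve, the following Python script was written for this page; it is not InfoSect course material. It identifies a blob by magic bytes, parses the ELF header fields used when locating program and section headers, extracts printable strings, and scans for file signatures embedded past the header. The sample blob, the magic table and all function names are this example's own constructions.

```python
import struct
from typing import Dict, List, Tuple

# Magic signatures checked by identify_file_type and find_embedded (example table).
MAGICS: List[Tuple[bytes, str]] = [
    (b"\x7fELF", "ELF"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"MZ", "PE/DOS executable"),
    (b"\x1f\x8b", "gzip"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "PDF"),
]

ELF_TYPES = {0: "NONE", 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def identify_file_type(data: bytes) -> str:
    """Classify a blob by the signature at offset 0."""
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    return "unknown"


def parse_elf_header(data: bytes) -> Dict[str, object]:
    """Decode the ELF32/ELF64 header, honouring EI_CLASS and EI_DATA.

    Raises ValueError on a bad ident or a header shorter than e_ehsize
    should be, so a truncated or corrupted file is reported, not misread.
    """
    if not data.startswith(b"\x7fELF"):
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_data not in (1, 2):
        raise ValueError("bad EI_DATA (expected 1=LE or 2=BE)")
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:      # ELF64: e_entry/e_phoff/e_shoff are 8 bytes
        fmt, size = endian + "HHIQQQIHHHHHH", 64
    elif ei_class == 1:    # ELF32: they are 4 bytes
        fmt, size = endian + "HHIIIIIHHHHHH", 52
    else:
        raise ValueError("bad EI_CLASS (expected 1=32-bit or 2=64-bit)")
    if len(data) < size:
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _ver, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = struct.unpack(fmt, data[16:size])
    return {
        "class": 64 if ei_class == 2 else 32,
        "endian": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, hex(e_type)),
        "machine": ELF_MACHINES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "phoff": e_phoff, "phentsize": e_phentsize, "phnum": e_phnum,
        "shoff": e_shoff, "shentsize": e_shentsize, "shnum": e_shnum,
        "shstrndx": e_shstrndx,
    }


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of printable ASCII of at least min_len bytes (like strings(1))."""
    out, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def find_embedded(data: bytes) -> List[Tuple[int, str]]:
    """Scan the whole blob for known signatures; short magics like MZ need manual review."""
    hits = []
    for magic, name in MAGICS:
        start = 0
        while (idx := data.find(magic, start)) >= 0:
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


# Constructed sample: an ELF64 LE EXEC header for x86-64 followed by two C strings,
# a gzip signature and a DOS/PE stub signature, so every function has something to find.
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, 0x2000, 0, 64, 56, 2, 64, 5, 4)
    + b"\x00" * 16
    + b"/bin/sh\x00" + b"Hello, world!\x00" + b"ab\x00"
    + b"\x1f\x8b\x08\x00" + b"\x00" * 8
    + b"MZ\x90\x00" + b"\x00" * 8
)

if __name__ == "__main__":
    print("type:", identify_file_type(SAMPLE))
    print("elf:", parse_elf_header(SAMPLE))
    print("strings:", extract_strings(SAMPLE))
    print("embedded:", find_embedded(SAMPLE))
```

Running the script reports the blob as an ELF, decodes the header (64-bit, little-endian, EXEC, x86-64, entry 0x401000), lists the two strings and finds the gzip and MZ signatures at their offsets past the header. Note that the scan only flags signatures; a hit on a two-byte magic such as "MZ" is a lead to confirm by parsing, not a verdict.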