Fundamentals of Software Reverse-Engineering

Course Description

Reverse-engineering is an essential skill for many cybersecurity disciplines – vulnerability assessment, malware analysis, and software interoperability.

This course is designed to introduce students to the fundamentals of reverse-engineering software. These fundamentals are common to desktop, mobile, and embedded architectures. Over five days, we introduce students to the x86 instruction set and CPU architecture, recognizing C code constructs in assembly code, reverse-engineering with IDA Pro, and binary vulnerability research. Lectures will be supported by extensive supervised lab exercises that will reinforce and cement knowledge as students learn.

After taking this course, students will be proficient in the fundamentals of reverse-engineering software using IDA Pro, without the help of source code or documentation.

Course Dates

Request Info

Course Location

The course can be provided on premises or off premises in a rented classroom.

Price

The course is $5,000.00 per student. There is a minimum of 10 students needed for the course to run and a maximum of 30 students.

Class Format

This course is driven by hands-on exercises with theory and diagrams in support. Each student will have access to their own hosted virtual machine (VM). This VM will contain all the tools, exercises, and documents for the class.

Prerequisites

Students are assumed to have a basic knowledge of programming in C and/or C++. Prior exposure to programming in x86 (or any other assembly language) is a plus but is not expected. Students are expected to each have a computer with an internet connection.

Course Syllabus

Day 1: Introduction to Reverse-Engineering Software

Day 2: Recognizing C Code Constructs

Day 3: Reverse-Engineering with IDA Pro

Day 4: Vulnerability Analysis

Day 5: Advanced Topics

Day 1: Introduction to Reverse-Engineering Software

  • Introductions
  • Why reverse-engineer?
  • Overview of class
  • x86 Architecture Fundamentals
    - Overview
    - Syntax
    - Registers
    - Arithmetic and logical operations
    - Data movement
    - Memory and addressing
    - Data movement with memory
    - Stack manipulation
  • Control flow
    - Types of control flow
    - Functions
      + Invocation
      + Calling conventions
  • Tools for reverse-engineering
    - Static
      + Disassemblers
      + Decompilers
      + Other specialized tools
    - Dynamic
      + Debuggers
      + Binary instrumentation

Day 2: Recognizing C Code Constructs

  • Refresher on C
    - Types
    - Code constructs
    - Stack vs heap
    - Global vs local variables
    - Structures
    - Switch
  • C code constructs in x86
    - Memory accesses
    - if statements
    - Loops
    - Switch cases
    - Identifying arrays
    - Identifying structures
  • Compiler optimizations

Day 3: Reverse-Engineering with IDA Pro

  • Introduction to IDA Pro
    - Comparison to other reverse-engineering tools
  • Loading binaries
  • The interface
    - Graph view
    - Text view
    - Functions
    - Strings
    - Imports
    - Exports
    - Structures
  • Navigating graph view
    - Understanding the graph
    - Labels
    - Navigating between functions
  • Cross-references
    - What are they
    - How to use them
  • Techniques in IDA
    - Labeling code
    - Commenting
    - Formatting
    - Constants
    - Applying types
  • Searching
  • Introduction to IDA Scripting
  • IDA internals

Day 4: Vulnerability Analysis

  • Helpful tips and tricks for effective reverse-engineering
    - Symbols
    - Using strings
    - Bottom-up vs top-down analysis
    - Annotating your IDB
    - Recognizing code constructs
  • Reverse-engineering workflows
  • Common binary bug classes
    - Buffer overflows
    - Integer overflows
    - Lifetime bugs
      + Use after free
      + Uninitialized memory use
    - Logic bugs
  • Auditing for vulnerabilities
    - Unsafe functions
    - Recognizing unsafe code constructs

Day 5: Advanced Topics

  • Advanced analysis
    - C++
    - Binary patching
    - Rebasing
    - Recognizing anti-analysis
  • Mobile/Embedded Architectures
    - ARM
    - PowerPC
    - MIPS
  • Introduction to the IDA API
    - Why script reverse-engineering
    - IDA API
    - IDA Python
  • Advanced tooling
    - Decompilers
    - Binary diffing