IDA Pro Training

Overview

The IDA Pro Training is a highly sophisticated training trail and the ultimate way to show your proven excellence in using IDA Pro across various IT-security-relevant knowledge domains, addressing the many challenges of software protection, malware, and exploitation analysis. Participants are trained in the relevant standards, procedures, and methods of using IDA Pro, with a strong practical background.

Training Goals

We often craft customized courses depending on your interests, or you can ask for a personal, 1-1 bootcamp (you and the trainer only) for a higher price to better suit your needs.

After successful training and certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems and software security environments using IDA Pro. The certification is optional and concludes the training trail.

This course was designed for students who have an introductory / basic understanding of x86 assembly and reverse engineering, as well as more advanced students wishing to refresh their skills and learn new approaches to familiar problems. In this 5-day hands-on course, you will gain the necessary binary software engineering and analysis skills to discover the true nature of any x86 binary.

Certification

The Certified Reverse Code Engineering Professional™ qualification is aimed at people involved in advanced Binary Auditing. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

The exam is given on-site. IITAC - International Institute has achieved a very high pass rate for this certification. The assessor is IITAC - International Institute, which is a department of Cognitive Core. The certification process is according to ISO/IEC 17024. Certification assessment is provided by a certification committee. In accordance with ISO/IEC 17024, certification is independent of the training.

Course Structure

This is a 5-day course where the notion of rapid response is taken into consideration with each aspect, focusing on techniques and methodologies that can be applied in a timely and effective manner. We will enhance your debugging abilities, such as identifying operators and operands without focusing on each letter, not sounding out all words, not sub-vocalizing some phrases, spending less time on some structures than others, and skimming small sections. At the completion of this training, participants will have real-world knowledge that can be directly applied.

How the Course is Run

This course is by no means a 5-day PowerPoint® Presentation Karaoke. We focus on fully practical group and individual exercises with highly engaged interaction with the trainer. Learning by teaching is used as a training method, as are competitive training methodologies. We also do not rely on “ethical” approaches but look under the hood to discuss applicable real-life scenarios.

Learning Environment

Aside from direct class materials and hands-on exercises, students will have many opportunities to ask instructors questions one-on-one. Furthermore, students will be divided into pairs to support the Pair-Reversing methodology, which is a proven, well-known methodology used in Pair-Programming in eXtreme Programming and agile software development.

Requirements

Interested persons should possess at least a bachelor’s degree in a related field and should have at least 2 years of experience in the field of software development. We recommend a master’s degree. Prospective students should be comfortable operating Microsoft Windows and have a basic understanding of x86 assembly, high-level programming, and OS concepts.

What to Bring

Students must bring their own laptop running an installation of Microsoft® Windows® 2000, XP or 2003, either natively or within a virtual machine. Students should install and begin to familiarize themselves with Hex-Rays IDA Pro. A demo copy of IDA Pro is available from Hex-Rays. It is highly recommended to own a copy of (minimum) IDA Pro Standard. Students should also have the Windows version of Python installed. For plugin development, the IDA SDK and Visual Studio should be installed as well. All other tools will be provided for the students in the classroom.

What is Included

5 days of professional Reverse Code Engineering instruction from a professional trainer and auditor with many years of experience. Small class size between min. 8 and max. 16 participants. Cognitive Core’s Binary Auditing Toolbox includes everything covered in the course (and more) for at-home study. All meals, snacks and refreshments are included. Certified Reverse Code Engineering Professional™ exam fees are included as well.

Day 1 - Introduction to Reverse Code Engineering in IDA Pro

Review of important elements: Assembly: Intel© Instruction Set Review, Assembly: Intel© Architecture Review, Assembly: Stack/Heap Mechanics, Assembly: High-Level Language Code Reversing, General Introduction to IDA Pro, Loading Binary Files, Common executable file features, Memory organization, Binary Signatures, FLIRT, IDA Editor Views, Visual Editing and Debugging, Views of the Analysis, Disassembly View, Binary Editing, Names and Strings View, Import and Export View, Naming Conventions, Reverse Code Engineering Exercises in IDA Pro

Day 2 - IDA Pro

Data Analysis in IDA Pro (Custom Labels, Names, Comments, Cross References, Data Management in IDA Pro, String Models, Array Management, Data Structures Creation, Constants and Bitfields creation, Data Analysis and Disassembly Integration), Code Analysis in IDA Pro (General Options and Naming Conventions, Specific Compilers and IDA Pro, Call Models and Interpretation, Functions and Procedures Overview, Functions Prototypes and Type Propagation, Custom Labels, Comments, Names, Cross Reference), Editing Functions of IDA Pro (Editing Operand Types, Editing Function Types, Editing Structures, Search and Jump, Reverse Code Engineering Exercises in IDA Pro)

Day 3 - Analysis Techniques in IDA Pro

IDA Pro Debugger, Fundamentals of Debugging, Remote Debugging, Breakpointing and Tracing in IDA Pro, Basics of Anti-Debugging and Obfuscation Techniques, Basics of IDC Scripting, Basics of IDA Plugin Writing, Reverse Code Engineering Exercises in IDA Pro

Day 4 - Intermediate Reverse Code Engineering Techniques in IDA Pro

Points of Interest’s Research, Code Navigation and Binary Signatures, Understanding the importance of PE Analysis, Advanced Reverse Code Engineering Exercises in IDA Pro

Day 5 - Complex Analysis with IDA Pro & Certification

Analysis of Cryptography in IDA Pro, Reverse Code Engineering Exercises in IDA Pro, FreeStyle Training, Course Summary, Certification Exam.

You Will Also Learn About...

Understanding conditional branching statements, virtual machines and bytecode, system vs. code level reversing, identifying variables, compilers and branch prediction, memory management, Win32 executable formats and image sections, dumping executables, locating undocumented APIs, reversing DLLs, obfuscation of file formats, understanding hashing functions, working with encrypted binaries, reversing packers and protectors incl. simple malware, discovering stack and heap overflows, crash analysis, monitoring registry changes, identifying malware communication channels, thwarting anti-debugger code, debugging multi-threaded programs.