eXtreme Reversing™ Training

Training Goals

With successful training participants are able to work on extreme extensive binary security analysis and binary auditing processes on software systems and software security environments such as copy protection analysis or malware analysis. The certification is optional and finalizes of the training trail.

The Certified eXtreme Reverser™ qualification is aimed at people involved in very professional Binary Auditing tasks. This includes professionals in roles such as copy protectionists, malware analysts, or exploit developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

Certification

The Certified eXtreme Reverser™ qualification is aimed at people involved in advanced Binary Auditing. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

The exam is given on-site, IITAC - International Institute has achieved a very high pass rate for this certification. Assessor is IITAC - International Institute which is a department by Cognitve Core. Certification process is according to ISO/IEC 17024. Certification assessment was provided by a certification committee. Certification is according to ISO/IEC 17024 independent of the training.

Course Structure

This is a 5 day course where the notion of rapid response is taken into consideration with each aspect, focusing on techniques and methodologies that can be applied in a timely and effective manner. We will enhance your debugging abilities such as identifying operators and operands without focusing on each letter, not sounding out all words, not sub-vocalizing some phrases, or spending less time on some structures than others, and skimming small sections. At the completion of this training, participants get applicable real world knowledge that can be directly applied.

How the Course is Run

This course is by no means a 5 day Powerpoint Presentation Karaoke. We focus on full practical group and individual exercises with high engaged interaction with the trainer. Learning by teaching as training method is used as well as competitive training methodologies. As well we do not rely on “ethical” approaches but look under the hood to discuss appliable real life scenarios. We train action-based and full practical what other companies never would dare to train!

Learning Environment

Aside from direct class materials, hands-on exercises, students will have many opportunities to engage in one-on-one questions with instructors. Furthermore, students may be partly divided to pairs to support Pair-Reversing methodology which is a proven known methodology used in Pair-Programming during eXtreme Programming and agile software development.

Requirements

Persons interested should possess at least a bachelor’s degree in a related field and should have at least 2 years experience in the field of software development. We recommend a master degree. Prospective students should be comfortable in using IDA Pro and have a very good understanding of x86 assembly and high level programming and OS concepts.

What to Bring

Students must bring their own laptop running an installation of Microsoft® Windows® 2000, XP or 2003 either natively or within a virtual machine. Students should install and begin to familiarize themselves with HexRays IDA Pro. A demo copy of IDA Pro is available from HexRays. The demo version of IDA Pro is not sufficient for this course! It is highly recommended to own a copy of (minimum) IDA Pro Standard. Students should also have the Windows version of Python installed. For plugin development the IDA SDK and Visual Studio should be installed as well. All other tools will be provided for the students in the class room. The training fees do not include any license fees for products!

What’s Included

5 Days of professional Reverse Code Engineering instruction from a very experienced professional long year trainer and auditor with community experience. Small class size between min. 8 and max. 16 participants. Cognitive Core’s Binary Auditing Toolbox includes all (and more) covered in the course for at home study. All meals, snacks and refreshments included. Certified eXtreme Reverser™ exam fees are included as well.

Day 1: Warm Up

Introduction to Cognitive Debugging, debugging theory, review of important elements: Binary Cryptography, Anti Reverse Code Engineering, Manual Unpacking: Theory and Practice (Anti-RCE, Obfuscation, Virtual Machines) Buffer Overflows, Windows Architecture, Vulnerability Research Firmware Reversing and GPL Violations, Reverse Code Engineering exercises in IDA Pro

Day 2: Advanced Binary Cryptanalysis

Review of important cryptographic algorithms, identifying and reversing cryptographic algorithms, advanced encryption tricks, Reverse Code Engineering exercises in IDA Pro

Day 3: Reverse Code Engineering of Very Complex Binary Protections

Frequently used protections (Nanomites etc.), Virtual Machine Reversing, Rootkit analysis, DLL Injection, Ring-0 Reversing, Tool Support Construction (TSC) and Script/Plugin development, Reverse Code Engineering Exercises in IDA Pro, FreeStyle Training with human supervision

Day 4: Real Target Analysis 1

Extreme Reverse Code Engineering Exercises in IDA Pro, Analysis of a real actual protection / malware, FreeStyle Training with human supervision

Day 5: Real Target Analysis 2

Extreme Reverse Code Engineering Exercises in IDA Pro, Analysis of a real actual protection / malware, FreeStyle training with human supervision, course summary

Day 5: Certification by IITAC - International Institute