Reverse Engineering
Real-world reverse engineering applied to closed-source user and kernel targets, covering beginner and advanced topics including custom deobfuscation routine development in Rust.
Learn to reverse engineer arbitrary software, including for malware analysis & vulnerability research.
Who should take this course?
Make the most of static reverse engineering tools to understand different Windows & x86/x64 targets (malware, vulnerability research targets, obfuscated code, arbitrary software).
Malware analysts, vulnerability researchers, or anyone with a need to disassemble/decompile Windows code to understand their inner workings or apply patches.
Suitable for beginners & intermediates with minimal Windows reverse engineering experience (with certain advanced exercises included, e.g. obfuscated code analysis)
At completion of the training, you will have practical experience reverse engineering Windows APT malware to understand exactly how it operates for both detection and defanging purposes.
You will also have practical experience reverse engineering targets to identify vulnerabilities in arbitrary code, including Windows Kernel modules.
You’ll also have practical experience reversing APT malware from scratch, this includes writing code to handle custom packers and obfuscation techniques like opaque predicates & more.
In addition to the above, you’ll gain hands-on experience with misc techniques including writing Windows Kernel Drivers, custom PE32/32+ loaders and unpackers in Rust.
A disassembler/decompiler such as Ghidra, Ida or Binary Ninja (live training includes a free Binary Ninja personal license).
Windows 11 (for the Kernel Driver development component, can be a VM and x86-64 or Arm64).
Multiple hands-on exercises for each section, including advanced exercises targeting custom virtual machines & code obfuscation.
Analysis of real APT malware samples to determine technical capabilities and understand implementation.
Reversing arbitrary targets to identify vulnerabilities, including finding and exploiting a 0-day in a real binary target.
Reversing of both user-land and kernel-land targets, with a module dedicated to reverse engineering kernel drivers.
Module on getting the most out of your decompiler by leveraging scripting to assist with reverse engineering tasks (e.g. deobfuscation, unpacking).
Leverage plugins and external tools to assist with analysis (e.g. symbolic execution engines).
Understand components by working with them directly (writing custom Kernel Drivers, re-implementing custom packers & unpackers in Rust).
Live version includes a free Binary Ninja personal license.
Course Syllabus
x86/x64 & Windows Basics:
Common Mnemonics
Windows ABI
Decompiling Assembly by Hand
PE32/PE32+ Format
C/C++ => Assembly (Incl. C++ concepts e.g. vtables, classes, etc)
Reversing Rust
Creating a Custom PE32/32+ Loader in Rust
Malware Reversing 1
Vulnerability Research Reversing 1
Analyzing Targets (Incl. Advanced Targets):
User-land Theory
Kernel-land Theory
Analyzing a Service
Writing a Kernel Driver
Reversing a Kernel Driver
Kernel Malware Reversing
Vulnerable Kernel Driver Reversing
Advanced Tool Usage:
Obfuscation Theory
Analyzing an Obfuscated APT Sample from Scratch
Scripting to Automate Code Deobfuscation in Binary Ninja
Writing a Custom Unpacker in Rust
Utilizing Emulation
Messing with ABIs in Rust
Scripting to Automate Vulnerability Research
Batch Analysis & Large Scale Reversing
Analysis via Symbolic Execution
Extra:
Additional Targets (MacOS, Linux, Embedded)
In addition to the more expected Reverse Engineering content you also learn the underlying environment binaries operate on (x86-64, Boot process (UEFI|BIOS), PE32/32+ formats, Page Table concepts & Kernel/Hypervisor) alongside actual exercises in writing your own Kernel drivers and working with Rust.
Course Benefits
Beginner & Advanced Content with Live Demonstrations
Community Environment to Engage in Discussions with Peers & Instructor
Live Q&A Sessions & Ongoing Support After the Course
Frequently Updated Content with the Latest Techniques & Tools
Custom Code Developed by Signal Labs for Students
(Optional) Assessments & Completion Certificates
A firsthand look at our innovative self-paced course content.
Self-Paced Training
$2,949.00 USD
- 12-month access to the course.
- Multiple hands-on exercises for each section.
- Leverage plugins and external tools to assist with analysis.
- Analysis of real APT malware samples.
- Reversing of both user-land and kernel-land targets.
- Chance to win a Binary Ninja license.
- Dedicated area for 1:1 discussions with instructors.
- (Optional) Assessments & completion certificates.
- Note: Training platform access supports Windows and MacOS machines only.
*For larger business teams, reach out for custom packages.
Instructor
Christopher Vella has extensive experience with reverse engineering (incl. Hypervisor analysis, code deobfuscation, malware unpacking), Windows internals & vulnerability research and has found vulnerabilities in a range of high-profile software assisted via reverse engineering, (e.g: This blog post on finding a VMware vCenter 0day).
Strong Signals
