Make the most of static reverse engineering tools to understand different Windows & x86/x64 targets (malware, vulnerability research targets, obfuscated code, arbitrary software).
Malware analysts, vulnerability researchers, or anyone who needs to disassemble/decompile Windows code to understand its inner workings or apply patches.
Suitable for beginners & intermediates with minimal Windows reverse engineering experience (with certain advanced exercises included, e.g. obfuscated code analysis).
At completion of the training, you will have practical experience reverse engineering Windows APT malware to understand exactly how it operates for both detection and defanging purposes.
You will also have practical experience reverse engineering targets to identify vulnerabilities in arbitrary code, including Windows Kernel modules.
You’ll also have practical experience reversing APT malware from scratch; this includes writing code to handle custom packers and obfuscation techniques like opaque predicates & more.
In addition to the above, you’ll gain hands-on experience with miscellaneous techniques, including writing Windows Kernel Drivers, custom PE32/32+ loaders and unpackers in Rust.
In addition to the more expected Reverse Engineering content, you will also learn about the underlying environment that binaries operate in (x86-64, Boot process (UEFI|BIOS), PE32/32+ formats, Page Table concepts & Kernel/Hypervisor), alongside hands-on exercises in writing your own Kernel drivers and working with Rust.
Christopher Vella has extensive experience with reverse engineering (incl. Hypervisor analysis, code deobfuscation, malware unpacking), Windows internals & vulnerability research, and has found vulnerabilities in a range of high-profile software with the help of reverse engineering (e.g. this blog post on finding a VMware vCenter 0day).