ＨｉｄｅＺｅｒｏＯｎｅ

Are you looking to gain the theoretical and practical knowledge required to perform advanced reverse engineering of third-party software and malware on the assembly language level? The Reverse Engineering Professional Learning Path will teach you several methods to identify, isolate, and finally, analyze portions of code which are of high interest, as well as the most common Windows APIs utilized for file, memory, and registry manipulation by either software protections (such as packers) or malware. During the learning process, you will also get insights into the most common anti-reversing tricks, including different code obfuscation methods, and how to bypass them.

Learning path at a glance:

• Start from the basics up to highly technical chapters
• Learn about IA-32 CPU Architecture
• Learn about functions, stack frames, heaps, exceptions, important Ring3 Windows internal structures, PE file format
• Master ImmunityDBG
• Learn about important Ring3 Windows Internal Structures
• Learn different methods to locate the important algorithms
• Understand and bypass Anti-Reversing techniques
• Perform full manual unpacking on packed executables
• Practice-based course with dozens of guided exercises
• Challenge your mind with hardcore technical topics

After a sold-out course last year at Blackhat, we are back with an updated version of our course with additional coverage of ARM64, mobile browser security, and more in-depth coverage of Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises.  We then learn how to write simple exploits for the ARM64 environment. Next, we move to Mobile browser security, understand some of the browser mitigations followed by writing some simple exploits for the mobile browser. We then cover iOS and Android internals in further detail. We then discuss some of the exploitation techniques using real-world vulnerabilities (e.g., voucher_swap, checkm8, etc) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variable, Race conditions). We will also look at how to build the Android kernel, customize it using Kernel tunables and then use a 1-day vulnerability to gain kernel r/w access. The training then moves on to application security based on exploiting the Damn Vulnerable iOS app, Android-lnsecureBankv2, and lnsecurePass application written by the authors of this course in addition to a broad range of other real-world applications. We then cover a variety of mitigations deployed in real-world apps and discuss how to bypass them. Slides, videos and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the duration of the training course.

Syllabus

• Introduction to ARM64 and Mobile Browser Security [2 modules]
• iOS Exploitation
• Android Exploitation

Offensive Mobile Reversing And Exploitation (2021)

The NSA spent years developing Ghidra as its own internal reverse engineering suite. Now, thanks to the Technology Transfer Program, these powerful capabilities are readily available to the world. With support for dozens of architectures, Ghidra is rapidly gaining popularity as a tool of choice for analyzing compiled code. Ghidra’s extensibility through Java and Python scripting make it ideal for malware analysis and vulnerability research tasks. This class is a hands-on, example-driven introduction to reverse engineering with Ghidra. Attendees will learn the basics of using Ghidra to analyze executables before diving into examples of progressively more sophisticated reverse engineering countermeasures. As topics are introduced, students will reinforce what they’ve learned by solving reverse engineering challenges. Students may work independently or in groups to solve any of the introduced Capture the Flag style challenges. On the first day of this course, students will get familiar with Ghidra and how to create projects and import files. Students will learn how to analyze a program, follow its execution flow, and start customizing the disassembly and associated pseudocode. New for 2022, students will also get hands on time using the Ghidra’s debugger integration as well as newly updated support for binary patching. As we analyze more complicated examples, students will learn about basic tricks malware developers use to obscure functionality. We’ll look at how to identify strings being crafted within code, as well as dealing with code hidden in data sections to escape analysis. These examples will help illustrate how different options and built-in tools are used to improve analysis results. The second day brings more complicated challenges, including layered obfuscation and encryption. The lessons on this day will review in greater detail how to use the Python interpreter in Ghidra. Students will ultimately design and use custom Python scripts to analyze real malware.

BHEU21 – Reverse Engineering with Ghidra (2021)

Through OALABS we want to bring you the kind of reverse engineering tutorials that we wished we had when we were first learning to analyze malware. With Patreon we offer access to a wide variety of tutorials and workshops aimed at all skill levels. Our RE101 level tutorials cover important topics like how to setup a malware analysis lab, as well as reverse engineering fundaments like learning assembly, and how to use a debugger. Our RE201 level tutorials cover malware analysis specific topics like how to bypass anti-analysis checks in malware, and how to resolve dynamic imports. Our RE504 level tutorials cover advanced reverse engineering topics like how to bypass software protectors such as Themida, and VMProtect. Patreon also allows us to maintain a set of free publicly available malware analysis tutorials on YouTube as well as weekly malware analysis streams on Twitch.

Reversing Hero course is a very good course for people who want to learn reverse engineering from beginner to intermediate level. This course consists of 12 hours of video, the degree of difficulty of which increases step by step, and also in the Reversing Hero course, you have to try to solve the given exercises by yourself, and if you are completely stuck, you can watch the video of the solution to the exercise.

Reversing Hero