Reverse Engineering
BT221
Description
Reverse Engineering is a technique used to analyze software in order to identify and understand its components and its control flows. It is the process of understanding how code is compromised and of analyzing software weaknesses. Reverse engineers analyze systems in order to create representations of them at another level of abstraction.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons: repetition of materials, self-learning, performing tasks, etc.
- In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field
- A personal computer suitable for running virtual machines, with an Internet connection
- Going through the scenarios in the Cyberium Arena
Target audience
• Cybersecurity practitioners
• Cyber forensics analysts
• Security engineers
• Security researchers
• Incident responders
• Junior reverse engineers
• Software developers
• IT security administrators
Objectives
- Become familiar with the concept of reverse engineering and its applications
- Analyze various file formats to uncover the hidden code within them
- Identify control flows
- Understand assembly
- Conduct open-source intelligence
- Exploit server, database, and application software
Pre-requisites
- ThinkCyber Level-1 courses
Syllabus
Description
This module aims to cover the necessary theories and concepts on which reverse engineering is based, starting from the basic structure of files and their sources.
Technical content
- Calculation of Bases
o Hexadecimal Base
o Binary Base
o Transition Between Bases
o Transition Between Hexadecimal to Binary and vice Versa
o Numerical Actions on Numbers in Different Representations
o Negative Numbers
Description
During this module, participants will practice in-depth analysis of program code using assembly principles. Participants will be able to recognize the effect of software and code before it is first executed.
Technical content
- Assembly
o Registers
o Processor Architecture
o PE Format – Portable Executable
- Installing a Workspace
o Linux syscall Table
o File Descriptor
o The Connection to Files
o Start of Program Construction
o Debugging Process
o IDA
- Professionalization in GDB
o Jumps & Conditions
o Manipulation on a Processor
o Loops
o Activating Number-Detonation on the Processor
o Ordering Bytes
o Maintaining Flags Mode using a Stack
o Stack
o Calling Conventions
o Build printf Functions using Assembly
o Call to Functions
Description
In this module, participants will gain knowledge of memory management and of controlling code flow, and will use it to replicate and exploit software; participants will focus on using code and memory flows to develop exploits.
Technical content
- Buffer
o Protostar
o Buffer Overflow
- Writing Exploits to Bypass Protections
o Processes in Computer Science
o Pseudo-terminal
o Race Condition
o Apport Service
o How a Debugger Works
o Anti-Reversing
o Return Oriented Programming (ROP)
- Memory Management Policy
o W^X
o NX bit
o DEP
o Ret2libc
o Format String
o Overcoming the ASLR Mechanism Through the Format String Attack
o The Process of Adding the Addresses to Written Code
- Memory Management
o Heap
o How a Process Gets Memory From the System
o Heap Overflow
- Preparing a Windows Workspace
o Visual Studio
o OllyDbg
- Exploitation Over the Internet
o Buffer Overflow Over the Internet
o Tracer Browser Detection
o Fuzzing
o SPIKE
o Debug Using OllyDbg to Reproduce the Crash
o Shellcode
o Manually Create Shellcode
o Create Shellcode Using Metasploit
- Bad Characters
o Encoding
o From Python to Metasploit
o Mixins
o SLmail
o Immunity Debugger
o Mona.py
- Preparing a Crack for the Game “Mine-Sweeper”
o The Crack Making Process
o The DLL Analysis
Labs
- Lab 1 Calculation of Bases
- Lab 2 Representing Information
- Lab 3 Assembly
- Lab 4 Controller Flags in the Processor
- Lab 5 Professionalization in GDB
- Lab 6 Buffers
- Lab 7 Writing Exploits to Bypass Protections
- Lab 8 Memory Management Policy
- Lab 9 GOT Utilization
- Lab 10 Memory Management
- Lab 11 Exploitation
- Lab 12 Bad Characters
Real case studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situ classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them for 30 days. All course material is made available electronically to the participant.
Course Group:
defense
Hands-on / Theory Mix
This course incorporates a high proportion of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certification:
- GREM (SANS)
Required Equipment
Network connection
As this course extensively uses a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As this is a very practical course, and in order for participants to make the most of it, they need a laptop with the following capabilities:
- Audio and video
- 8 GB RAM
- 200 GB disk space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with microphone