Reverse engineering is the process of understanding software. Whether a programmer made a mistake, the compiler introduced unexpected behavior, or the original source code is unavailable, there are countless properties that can only be uncovered through analyzing a program's final, compiled form. Which makes reverse engineering crucial to understanding the true behavior of complex systems and serves a fundamental role in a robust cybersecurity ecosystem.

But again, reverse engineering is a process. Merely being able to see what lies underneath is not enough to reason about how a program behaves. The intent of assembly code, in contrast to its possible source, is inexplicit, hard to reason about, and insecure. Compilers need to map a theoretically infinite number of variables to a finite number of registers, and most processors use memory models that do not differentiate among different data structures, arrays, types, and sometimes even code. Simply put, a tremendous amount of information that is vital in understanding a program is irrecoverably lost through the process of compilation. Consequently, the process of identifying and recovering those structures, variables, types, and everything else that gets lost, is the process of reverse engineering.

Over the course of this training, students will learn the methodologies employed by seasoned experts to deduce and recover nearly all aspects of compiled programs. They will become proficient in recognizing common code patterns, structures, types, and algorithms on sight, while also learning how to effectively record their analysis data to achieve a better understanding of their targets.

To account for the many applications of reverse engineering, the curriculum spans a wide array of optional intermediate topics that students can choose from to allow them to focus on precisely what they require to excel in their role. At the end of each topic during the class, students get to vote on which topic they'd like to explore next. For those focused on finding bugs, we'll leverage modern analysis techniques to locate and verify them faster than ever before. For those explorers of strange new architectures and platforms, we'll build tooling that works agnostically across all systems. For engineers interested in automation, we'll write cutting-edge analysis scripts to reduce or completely eliminate the need for human interaction. And for anyone feeling restricted by their current tools or workflow, we'll get under the hood and completely customize the reversing experience.

Truly, wherever you are, this course covers everything you need to boost your skills to the next level!

Prerequisites

Students must be able to read and write intermediate-level Python scripts. A foundation in reverse engineering, vulnerability research, firmware analysis, or similar is strongly recommended (see our "Which Class Is Right for You?" quiz). Students should be familiar with how the stack works, what the heap is, and some basic vulnerability classes (buffer overflow, stack smashing, etc). Guided exercises reminiscent of low-point reversing CTF challenges are integrated into the course, and students should be able to derive their own solutions.

Key Learning Objectives

• A thorough understanding of program theory and how to approach the program analysis process.
• Accurately identify data structures such as arrays, structures, linked lists, and more.
• Accurately identify common code patterns such as indexing into a buffer, accessing a structure member, and various control flow primitives.
• Improve the accuracy of decompilation through annotating types, functions, and variables.
• Identify and correct common decompiler mistakes.
• Locate and analyze various bug classes such as buffer overflows and use-after-frees.
• Automate reverse engineering tasks such as locating all calls to a function, checking for unbounded parameters, and source to sink analysis.
• Create plugins for Binary Ninja to customize the reverse engineering experience, support new architectures and platforms, automate tasks, and so much more!

Available Topics and Exercises

• Beginner, intermediate, advanced, and real-world exercises
• Leveraging intermediate representations for reverse engineering
• Binary annotation / interaction
• How data is structured in a program
• How data is moved and manipulated in a program
• How to identify structures in a program
• Identifying arrays and how they're used
• Recovering classes and inheritance patterns
• Recognizing pointers and their data
• Automatically locating cryptographic constants and functions
• Automatically deducing and applying data structures
• Automating source-to-sink analysis
• Generating useful program and function metadata
• Using and automating the debugger
• Scripting queries for binaries
• Single Static Assignment form
• Finding data and references
• Dataflow analysis
• Interprocedural analysis
• Writing plugins for Binary Ninja
• Writing custom architecture plugins
• Supporting new binary formats
• Binary patching / transforms / unpacking
• Customizing analysis with workflows
• Migrating from other tools
• Batch processing
• And more!

Hardware/Software Requirements

A laptop that can run Binary Ninja (Ubuntu 20.04/22.04 x64; Windows 10/11 x64; MacOSX 11+ x64, MacOSX 12+ arm64).

(Optional) A VM to run binaries (most binaries are also provided for Linux, Mac, and Windows, though we often focus on just the Linux versions)

Included Course Materials

• A free non-commercial license of Binary Ninja including one year of updates (can convert to a license extension or used as a discount for a commercial upgrade upon request)
• A one-week free trial of Sidekick redeemable within one month from the start of class
• Slides, cheat-sheets, and tons of useful diagrams and reference resources
• Example scripts and binaries
• Full answers and solution scripts
• Take-home problems at the end of class to practice what you learned and challenge you to go further!
• (Upon request) Certificate of participation or completion usually redeemable for Class-A credit hours towards cert renewals; Check with your cert provider for additional requirements and how to redeem