Hex Rays

Trainings & Seminars

Hex-Rays regularly organises seminars and training sessions. Training comprises theoretical and practicals sections, with hands-on exercises that will allow you to acquire deep understanding of the concepts and method. All talks and training sessions are given by experts.

Dates for 2020 seminars and training sessions will be announced later during the year. In the meantime, feel free to consult the already available information below and to contact sales with any remaining question you may have.


What you will need to attend training:

An IDA license with active support period. There is no need to bring your copy of IDA with you, we will provide you with the latest version at the class. The package will include a free time-limited copy of the decompiler.

Please bring your laptop with you. For the programming class, we will ask you to have a C++ compiler installed (Visual Studio on windows, g++ on linux & OS X.)

Please consult important additional requirements for standard or IDA programming training below


icon-licenseicon-plusicon_laptop

Standard IDA training (3 days)




IDA – the premier binary code analysis software tool

Who should attend this course: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: good x86 assembly knowledge, basics MS Windows API, basic programming skills in any procedural programming languages (C/C++ is preferred)

This training will demonstrate the use of IDA to analyze binary programs on modern operating systems. While the training will be mainly focused on Microsoft Windows programs, the skills taught are universal and usable on other IDA supported platform.

The following topics will be covered:

  • Feature oriented introduction to the IDA architecture:
    The training will focus on making the most of the core IDA
    disassembly features, its debugger and IDC to dissect modern
    real world malware such as MyDoom, Zotob and Warezov.
  • Binary program analysis in IDA: where to begin, how to proceed
    toward the goal
  • The binary level representation of modern programs and
    how malware abuses conventions through code
    obfuscation, code hiding, etc. Special techniques to handle
    obfuscated code.
  • Problems encountered during analysis and how to
    handle them.
  • Automating IDA: batch processing, scripts, plugins

Standard Course Outline:

  • IDA overview
  • Common executable file features
  • Debugger
  • IDC
  • IDA features
  • Memory organization
  • FLIRT
  • Type system
  • IDS files
  • Working with IDA
  • Creating the database: various information sources
  • Various views of the database
  • Navigation
  • Modifying the listing
  • Patching the program
  • With all this information, how do I start my analysis?
  • Working with high level data
  • Arrays
  • Structures
  • Enumerations and bitfields
  • Advanced operations
  • Offsets
  • Bulk operations
  • Special structure types
  • Function prototypes
  • Processor specific issues
  • Code obfuscation
  • Overview of obfuscation techniques
  • Countermeasures
  • Exercises with several real-world sample files

The training material has been updated to cover the latest additions to IDA.


Programming for IDA (2 days)



IDA – extending and building upon it

Who should attend:Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: IDA user skills, programming skills in C/C++ languages, solid reverse engineering experience

This training is intended for experienced IDA users who want to take advantage of its open architecture by extending and improving it. You will learn how to write modules to modify the listing, react to events, decrypt/uncompress data right in the database, and many other things. After the course you will have solid understanding of its concepts, classes, and programming interface.

We will implement several useful plugins. Be prepared to program a lot in this training!

The following topics will be covered:

  • IDA architecture overview
    • Modules
    • Memory representation
    • Database organization
  • SDK
    • Setting up
    • Processor module framework
    • Loader framework
    • Plugin framework
    • How to debug custom modules

  • IDA subsystems
    • Utils: i/o, custom stl, regex, misc
    • Database: netnodes and flags
    • Foundations: bytes, names, offsets, etc
    • Address range class: segments and functions
    • Accessing and using IDC
    • Cross-references
    • Functions
    • Events
    • Type information
    • Structures and enums
    • Debugger
    • User interface
    • Graphing
    • Decompiler framework
  • Plugin programming
    • General guidelines
    • Plugin samples/exercises
      • Colorizer
      • Object extractor
      • Debugger helper
      • Type information
      • Graph plugin
      • Processor extension
      • Reaction to events



testimonials icon


Testimonials

“Excellent training. Would recommend highly.”

“Great class to learn about the powerful features of IDA.”

“Very organized, excellent selection of exercises. They build on one another.”

“It was the best reverse engineering course I have ever attended.”

“Come prepared. A lot was covered. Learning environment was excellent. Staff are very professional. Learned & gained new skills.”

“It is a great course for not only using the tool, but for general understanding of binaries.”

“This class is indispensible to a beginning RE, make sure to brush up on assembly instructions and concepts.”

Go to top of page