State-of-the-art binary code analysis tools

What is this course about?

IDA and the Hex-Rays decompiler are powerful tools, usable by engineers of any skill level; the higher the skills, the better the result.
In order to get the best out of them, the people behind IDA regularly organize training sessions, to allow users to perfect their understanding of the concepts & methodology.
Training comprises theoretical and practical sections, with hands-on exercises, given by experts. Different classes are offered according to the needs of students, from entry level to expert classes aimed at maximizing its capabilities!

Ready to step up to the next level in binary analysis? Scroll down for more information!

Closing date of registration:
15:00 CEST, Friday 7th May 2021

Standard training (5 days)
10-14 May 2021 4999 EUR (5999 USD)

This training will take place ONLINE (CEST)
This class provides standard knowledge about IDA by demonstrating its use to analyze binary programs on modern operating systems. While the training will be mainly focused on Microsoft Windows programs, the skills taught are universal and usable on other IDA-supported platforms.

What will be covered in the course:

  • Feature oriented introduction to the IDA architecture: The training will focus on making the most of the core IDA disassembly features, its debugger and IDC to dissect real world malware.
  • Binary program analysis in IDA: where to begin, how to proceed toward the goal
  • The binary level representation of modern programs and how malware abuses conventions through code obfuscation, code hiding, etc. Special techniques to handle obfuscated code.
  • Problems encountered during analysis and how to handle them.
  • Automating IDA: batch processing, scripts, plugins

Standard Training outline:

  • IDA overview
  • Common executable file features
  • Debugger
  • IDC
  • IDA features
  • Memory organization
  • FLIRT
  • Type system
  • IDS files
  • Working with IDA
  • Creating the database: various information sources
  • Various views of the database
  • Navigation
  • Modifying the listing
  • Patching the program
  • With all this information, how do I start my analysis?
  • Working with high level data
  • Arrays
  • Structures
  • Enumerations and bitfields
  • Advanced operations
  • Offsets
  • Bulk operations
  • Special structure types
  • Function prototypes
  • Processor specific issues
  • Code obfuscation
  • Overview of obfuscation techniques
  • Countermeasures
  • Exercises with several real-world sample files

Closing date of registration:
15:00 CEST, Friday 7th May 2021

Advanced training (3 days)
17-19 May 2021 2999 EUR (3599 USD)

This training will take place ONLINE (CEST)
This training is intended for experienced IDA users who want to take advantage of its open architecture by extending and improving it. Participants will learn how to write modules to modify the listing, react to events, decrypt/uncompress data right in the database, and many other things. After the course, participants will have a solid understanding of its concepts, classes, and programming interface. We will implement several useful plugins. Be prepared to program a lot in this class!

What will be covered in the course:

  • IDA architecture overview
    • Modules
    • Memory representation
    • Database organization
  • SDK
    • Setting up
    • Processor module framework
    • Loader framework
    • Plugin framework
    • How to debug custom modules
  • IDA subsystems
    • Utils: i/o, custom stl, regex, misc
    • Database: netnodes and flags
    • Foundations: bytes, names, offsets, etc
    • Address range class: segments and functions
    • Accessing and using IDC
    • Cross-references
    • Functions
    • Events
    • Type information
    • Structures and enums
    • Debugger
    • User interface
    • Graphing
    • Decompiler framework
  • Plugin programming
    • General guidelines
    • Plugin samples/exercises
      • Colorizer
      • Object extractor
      • Debugger helper
      • Type information
      • Graph plugin
      • Processor extension
      • Reaction to events

What do you need to attend this training?

  • An IDA license with active support period. We will provide you with the latest version at the training. The package will include a free time-limited copy of the decompiler.
  • For the standard class, good x86 assembly knowledge, basic knowledge of the MS Windows API, and basic programming skills in any procedural programming language (C++ is preferred) are required.
  • For the advanced class, a working C++ compiler is necessary (Visual Studio on Windows, g++ on Linux, clang++ on OS X). This class also requires IDA user skills, programming skills in C/C++ languages, and solid reverse engineering experience.

For whom?

  • Security Engineers
  • Security Software Developers
  • Researchers
  • Forensic Specialists
  • Virus Analysts
  • Software Validators