Study at your own pace
ARES comes with lifetime access to highly technical course material and guided exercises. Learn at your own pace through the PDFs and the HQ video material included.
Enroll now and get access to all of our material and labs!
The first three chapters cover the theory and the concepts on which the practical part of this course is based. We start with a short description of what Reverse Engineering is and why someone might need it, and then proceed to more technical concepts. During the first three chapters we discuss the basics of the Intel IA-32 CPU architecture (x86), the stack, heaps, exceptions, Windows APIs with some Windows Internals, and the most common types of reversing tools used today.
The second chapter is also dedicated to the theoretical knowledge necessary for this course. Keep in mind that 'theoretical' here does not mean optional: the theory discussed in these first three chapters covers the fundamental knowledge and concepts you will need, not just for this course and its technical assignments, but for the rest of your time as a reverser.
The third chapter of this course offers the remaining theoretical knowledge necessary for the rest of the course. During this chapter we briefly touch on the concept of heaps, discuss handles, exceptions and some basic Windows Ring3 internal structures, and review Windows APIs. Finally, we go through the most common types of tools used today for software reverse engineering.
In this chapter we discuss virtual addresses (VAs), relative virtual addresses (RVAs) and file offsets, as well as the basics of the Portable Executable (PE) file format, which describes the structure of all Windows executable files.
This chapter is dedicated to string references as well as basic memory and file patching. We demonstrate the use of data strings to locate the algorithm we are interested in, and then reverse its logic. Finally, we explain how to manually calculate the offset of a byte inside the file on disk from its virtual address in memory: subtract the module base to obtain the RVA, find the section whose virtual range contains that RVA, and add the RVA's distance from the section start to the section's PointerToRawData.
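As an added example (not part of the course material or of any tool it teaches), the VA to RVA to file-offset calculation described above, implemented in Python directly over the PE section table rather than through a library. The PE image in the script is a constructed, minimal PE32 header with three sections (`.text`, `.rdata`, `.bss`); its ImageBase, alignment and section values are assumed for illustration and it is not a real executable. One practical caveat the example encodes: when the process was loaded at a different base (ASLR), pass the module base reported by the debugger instead of the header's ImageBase, otherwise the RVA is wrong from the first step.

```python
"""
Translate a virtual address seen in a debugger to the byte in the PE file on
disk, using only the DOS, COFF, optional and section headers.
The PE image built by build_sample_pe() is constructed for this example.
"""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # 'MZ'
IMAGE_NT_SIGNATURE = 0x00004550     # 'PE\0\0'
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECTION_HEADER_SIZE = 40


def parse_pe_headers(data):
    """Return (image_base, sections); each section keeps only the fields
    needed for address translation."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]   # no BaseOfData in PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    table = opt + size_opt                    # section table follows the optional header
    for i in range(num_sections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode(),
                         "VirtualSize": vsize, "VirtualAddress": va,
                         "SizeOfRawData": rawsize, "PointerToRawData": rawptr})
    return image_base, sections


def va_to_rva(va, module_base):
    """module_base: ImageBase from the header, or the actual load address
    from the debugger if the image was relocated (ASLR)."""
    return va - module_base


def rva_to_file_offset(rva, sections):
    """File offset of the byte at this RVA, or None if the byte exists only
    in memory (zero-filled tail of a section, e.g. .bss). RVAs below the
    first section lie in the headers, which are mapped 1:1 from the file."""
    first_section_rva = min(s["VirtualAddress"] for s in sections)
    if 0 <= rva < first_section_rva:
        return rva
    for s in sections:
        start = s["VirtualAddress"]
        span = max(s["VirtualSize"], s["SizeOfRawData"])
        if start <= rva < start + span:
            delta = rva - start
            if delta >= s["SizeOfRawData"]:
                return None                   # mapped, but not backed by file bytes
            return s["PointerToRawData"] + delta
    return None


def file_offset_to_rva(offset, sections):
    """Inverse mapping, used after patching on disk to find the address to
    re-check in the debugger."""
    for s in sections:
        start = s["PointerToRawData"]
        if s["SizeOfRawData"] and start <= offset < start + s["SizeOfRawData"]:
            return s["VirtualAddress"] + (offset - start)
    first_raw = min(s["PointerToRawData"] for s in sections if s["SizeOfRawData"])
    return offset if offset < first_raw else None


def va_to_file_offset(va, data, module_base=None):
    image_base, sections = parse_pe_headers(data)
    base = image_base if module_base is None else module_base
    return rva_to_file_offset(va_to_rva(va, base), sections)


def build_sample_pe():
    """Constructed PE32 header with three sections; layout values are assumed."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1200)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)    # SectionAlignment, FileAlignment
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [(b".text", 0x1E00, 0x1000, 0x2000, 0x400),
            (b".rdata", 0x600, 0x3000, 0x600, 0x2400),
            (b".bss", 0x800, 0x4000, 0, 0)]
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0)
                     for n, vs, va, rs, rp in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    pe = build_sample_pe()
    for va in (0x400040, 0x401200, 0x403100, 0x404010):
        print("VA 0x%08X -> file offset %r" % (va, va_to_file_offset(va, pe)))
```

Running the script prints the translation for a header byte, a `.text` byte, a `.rdata` byte and a `.bss` byte; the last one yields `None`, which is the case to watch for in practice: a patch applied in memory at such an address has no counterpart on disk, so it has to be made in a different way (for example by patching the code that fills that region).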
This chapter focuses on exploring the data we can retrieve from the stack in order to trace an algorithm back to its source, a very important technique when dealing with on-the-fly encryption and decryption of data.
In this chapter we dig deeper into Reverse Engineering by analyzing in detail all the important algorithms of the executable, including the data encryption/decryption algorithm and the input data validation algorithm.
This chapter is dedicated to the Windows Registry. We start with an overview of this important Windows component and then proceed with a detailed analysis of an executable that reads data from the registry and validates it according to a custom algorithm, which we finally reverse engineer. During this chapter we also make use of hardware breakpoints and demonstrate their importance.
In this chapter we reverse engineer an executable that locates a specific file on the system and reads data from it. We once more analyze in detail the custom algorithm used to validate that data, in order to extend our skills in reverse engineering custom algorithms.
This is the first chapter dedicated to anti-reversing tricks; it covers some basic direct and indirect ways to detect a Ring3 (user-mode) debugger.
In this chapter we continue with anti-reversing tricks, covering further methods for detecting debuggers and other reversing tools.
This chapter is again focused on anti-reversing tricks. We discuss the differences between software and hardware breakpoints and how each can be detected, more advanced tricks that involve the use of exceptions, and finally some well-known methods for detecting a few popular VM environments.
In this chapter we discuss different types of native code obfuscation. We explain how they are implemented, the obstacles they create for analysis, and how we can analyze and clean up obfuscated code.
This chapter focuses on executable packers and, more specifically, on generic methods for finding the Original Entry Point (OEP) of applications packed with common packers. We give practical examples and unpack them together for fun and knowledge.
In this chapter we discuss the debugging and analysis of multi-threaded applications, that is, applications that execute different blocks of code in different threads. Reverse engineering multi-threaded applications can be quite frustrating, especially for beginners.
ARES is a heavily practical training course on Reverse Engineering. You will find a number of practical sessions throughout the course that help you dig into the main course topics and learn even more. Ten different Windows applications are provided with the course; you will analyse and reverse engineer them step by step, guided by videos and PDF materials. Students who successfully complete all of the practical sessions have proven able to reverse engineer the majority of Windows applications available today.

| Lab ID | Description | Category |
|---|---|---|
| Lab 1 | String References & Basic Patching | Technical part I |
| Lab 2 | Exploring the Stack | Technical part I |
| Lab 3 | Algorithm Reversing | Technical part I |
| Lab 4 | Windows Registry Manipulation | Technical part I |
| Lab 5 | File Manipulation | Technical part I |
| Lab 6 | Anti-Reversing Tricks I | Technical part II |
| Lab 7 | Anti-Reversing Tricks II | Technical part II |
| Lab 8 | Anti-Reversing Tricks III | Technical part II |
| Lab 9 | Code Obfuscation | Technical part II |
| Lab 10 | Analyzing Packers & Manual Unpacking | Technical part II |
Kyriakos Economou has more than 9 years of experience in the field of Reverse Engineering on Windows systems, including the analysis of custom/commercial software protections, executable packers, and other third-party algorithms. He is also the author of Shellter (www.shellterproject.com), the first fully dynamic shellcode injector. He authored the Reverse Engineering challenges for Athcon 2011 and 2012 and co-authored the challenge for Athcon 2013. Apart from malware analysis and anti-reversing techniques, he is also interested in security research and exploit development. In the past few years he has found several critical vulnerabilities in software products of various well-known vendors. Kyriakos was an instructor for this course until July 2016.