eLearnSecurity

ARES

Advanced Reverse Engineering of Software

Curious about this course?

Enroll now and get access to all of our material and labs!


Study at your own pace

ARES comes with lifetime access to highly technical course material and guided exercises. Learn at your own pace through the PDFs and the HQ video material included.


Extremely Hands-on

ARES comes with a number of downloadable executables that you will reverse engineer, guided by step-by-step video labs. An in-depth explanation of every technique is provided.


Become Certified

Obtain the eCRE certification and prove your theoretical understanding and practical skills in Reverse Engineering.


Course at a glance

  • Learn from a world-renowned professional reverse engineer
  • Start from the basics up to highly technical chapters
  • Learn about IA-32 CPU Architecture
  • Learn about functions, stack frames, heaps, exceptions, important Ring3 Windows internal structures, PE file format
  • Master ImmunityDBG
  • Learn about important Ring3 Windows Internal Structures
  • Learn different methods to locate the important algorithms
  • Understand and bypass Anti-Reversing techniques
  • Perform full manual unpacking on packed executables
  • Practice based course with dozens of guided exercises
  • Challenge your mind with hardcore technical topics
  • Obtaining the eCRE certification qualifies you for 40 CPE

Course material

  • 6 hours of HQ video training material
  • 15 highly technical modules
  • 10 Win32 applications to reverse engineer

Course delivery

  • Self-paced / PDF format
  • Off-line access available
  • Access from PC, Tablet and Smartphone


Syllabus

Section: Theoretical

  • Module 1 : The necessary theory Part 1

    The first three chapters aim to cover all the necessary theory as well as the concepts on which the practical part of this course is based. We will start with a short description of what Reverse Engineering is and the reasons why someone might need it, and then we’ll proceed with more technical concepts. During the first three chapters we will be discussing the basics behind the Intel IA-32 CPU architecture (x86), the stack, the heaps, as well as exceptions, Windows APIs with some Windows Internals, and the most common types of reversing tools used these days.

  • Module 2 : The necessary theory Part 2

    So here we are in the second chapter, which is also dedicated to the theoretical knowledge necessary for this course. What you always need to keep in mind during this course is that ‘theoretical’ does not mean optional. In fact, the theory discussed during these first three chapters covers all the fundamental knowledge and the concepts that you will need, not just for this course and its technical assignments, but for the rest of your time as a reverser.

  • Module 3 : The necessary theory Part 3

    The third chapter of this course aims to offer some extra theoretical knowledge necessary for the rest of the course. During this chapter we will briefly touch on the concept of heaps, we will discuss handles, exceptions, some basic Windows Ring3 Internal structures, and we’ll review Windows APIs. Finally, we’ll go through the most common types of reversing tools used today for software reverse engineering.

  • Module 4 : VA/RVA/OFFSET and PE file format

    In this chapter we will be discussing virtual addresses, relative virtual addresses, offsets, as well as some basic information regarding the Portable Executable File Format which describes the basic structure of all Windows executable files.

Section: Technical

  • Module 5 : String references and basic patching

    This chapter is dedicated to ‘String References’ as well as Basic Memory and File Patching. We demonstrate the use of data strings in order to locate the algorithm we are interested in, and then we reverse its logic. Finally, we explain how we can manually calculate the offset of a byte inside the physical file by knowing its virtual address in memory.
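    The VA-to-file-offset calculation described in Modules 4 and 5 (VA minus ImageBase gives the RVA, the RVA is located in the PE section table, and the delta into that section is added to its PointerToRawData) is shown below as an added example; it is not course material and uses a constructed section table rather than any of the course executables. It also handles the case the lecture notes warn about, where a byte exists in memory but not in the file (for example the zero-filled tail of .data).

```python
import struct
from typing import List, NamedTuple, Optional

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)  # 40

class Section(NamedTuple):
    name: str
    virtual_size: int      # size in memory (may exceed raw size, e.g. .bss tail)
    virtual_address: int   # RVA of the section's first byte
    raw_size: int          # bytes actually stored in the file
    raw_pointer: int       # file offset of those bytes

def parse_section_table(table: bytes, count: int) -> List[Section]:
    """Decode `count` IMAGE_SECTION_HEADER entries from raw bytes."""
    sections = []
    for i in range(count):
        fields = struct.unpack_from(SECTION_FMT, table, i * SECTION_SIZE)
        name, vsize, rva, rsize, rptr = fields[:5]
        sections.append(Section(name.rstrip(b"\0").decode("ascii"), vsize, rva, rsize, rptr))
    return sections

def va_to_file_offset(va: int, image_base: int, sections: List[Section]) -> Optional[int]:
    """VA -> RVA (subtract ImageBase) -> delta into its section -> file offset."""
    rva = va - image_base
    if rva < 0:
        return None
    if rva < min(s.virtual_address for s in sections):
        return rva  # PE headers are mapped 1:1, so RVA == file offset there
    for s in sections:
        extent = max(s.virtual_size, s.raw_size)
        if s.virtual_address <= rva < s.virtual_address + extent:
            delta = rva - s.virtual_address
            if delta >= s.raw_size:
                return None  # zero-filled in memory only; no such byte in the file
            return s.raw_pointer + delta
    return None  # not covered by any section

# Constructed sample section table (not from a real binary): a typical 32-bit
# layout whose .data section is larger in memory than on disk.
SAMPLE_TABLE = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                        for n, vs, va, rs, rp, ch in [
    (b".text", 0x1200, 0x1000, 0x1200, 0x400, 0x60000020),
    (b".rdata", 0x400, 0x3000, 0x400, 0x1600, 0x40000040),
    (b".data", 0x1000, 0x4000, 0x200, 0x1A00, 0xC0000040)])
SAMPLE_SECTIONS = parse_section_table(SAMPLE_TABLE, 3)
IMAGE_BASE = 0x400000  # assumed ImageBase for the constructed sample

if __name__ == "__main__":
    for va in (0x401234, 0x404100, 0x404300):
        print(hex(va), "->", va_to_file_offset(va, IMAGE_BASE, SAMPLE_SECTIONS))
```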

  • Module 6 : Exploring the Stack

    This chapter focuses on exploring the data that we can retrieve from the stack in order to trace back an algorithm. This is a very important technique when we have to deal with on-the-fly encryption and decryption of data.

  • Module 7 : Algorithm reversing

    During this chapter we dig deep into Reverse Engineering by analyzing in detail all the important algorithms of the executable which include the data encryption/decryption algorithm as well as the input data validation algorithm.

  • Module 8 : Windows Registry manipulation

    This chapter is dedicated to the Windows Registry. We start with an overview of this important Windows component and then proceed with the detailed analysis of an executable that attempts to read data from the registry and validate it according to a custom algorithm, which we finally Reverse Engineer. Furthermore, during this chapter we also make use of Hardware Breakpoints and demonstrate their importance.

  • Module 9 : File manipulation

    During this chapter we Reverse Engineer an executable that attempts to locate a specific file in the system and read data from it. In addition, we once more analyze in detail the custom algorithm used to validate that data in order to extend our skills in Reverse Engineering custom algorithms.

  • Module 10 : Anti-Reversing tricks Part 1

    This is the first chapter dedicated to Anti-Reversing tricks; it covers some basic direct and indirect ways to detect a Ring3 debugger.

  • Module 11 : Anti-Reversing tricks Part 2

    In this chapter we continue with Anti-Reversing tricks, focusing on methods for detecting debuggers and reversing tools.

  • Module 12 : Anti-Reversing tricks Part 3

    This chapter is again focused on Anti-Reversing tricks. In this case we discuss differences between SW and HW breakpoints and how these can be detected. We also talk about more advanced tricks that involve the use of exceptions, and finally we talk about some well-known methods for detecting a few popular VM environments.

  • Module 13 : Code obfuscation

    In this chapter we discuss different types of native code obfuscation methods. We explain how these are implemented, the obstacles they can create, and how we can analyze and clean up obfuscated code.

  • Module 14 : Analyzing Packers and Manual Unpacking

    This chapter focuses on executable packers and, more specifically, on different generic methods that we can use in order to successfully find the Original Entry Point of applications packed with common packers. We give practical examples and unpack them together for fun and knowledge.

  • Module 15 : Debugging Multi-thread applications

    In this chapter we will be discussing the debugging and analysis of multi-thread applications, in other words applications that are able to execute various blocks of code via different threads. Reverse Engineering multi-thread applications can sometimes be quite frustrating, especially for beginners.


Pre-requisites

  • Basic understanding of x86 assembly language (covering assembly programming is beyond the scope of the course)
  • Knowledge of fundamental programming concepts such as variables, loops, functions etc.

This training course is for...

  • Reverse Engineers with 0-2 years of experience
  • Malware analysts
  • Penetration testers

Labs

ARES is a heavily practical training course on Reverse Engineering. As such, you will find a number of practical sessions throughout the training course that will help you dig into the main course topics and learn even more. The 10 different Windows applications are provided with the course. You will analyse and reverse engineer them step by step, guided by videos and PDF materials. Students who successfully perform all of the practical sessions have proven to be able to reverse engineer the majority of Windows applications available today.

Lab ID   Description                           Category
Lab 1    String References & Basic Patching    Technical part
Lab 2    Exploring the stack                   Technical part I
Lab 3    Algorithm Reversing                   Technical part I
Lab 4    Windows Registry Manipulation         Technical part I
Lab 5    File manipulation                     Technical part I
Lab 6    Anti Reversing tricks I               Technical part II
Lab 7    Anti Reversing tricks II              Technical part II
Lab 8    Anti Reversing tricks III             Technical part II
Lab 9    Code Obfuscation                      Technical part II
Lab 10   Analyzing Packers & Manual Unpacking  Technical part II

Certification

Get eCRE Certification

The eCRE (eLearnSecurity Certified Reverse Engineer) certification proves that you have the hands-on skills of a reverse engineer.


Instructor

  • Kyriakos Economou

    Kyriakos Economou has more than 9 years of experience in the field of Reverse Engineering on Windows OS systems, including the analysis of custom/commercial software protections, executable packers, and other third-party algorithms. He is also the author of Shellter (www.shellterproject.com), the first fully dynamic shellcode injector. In the past he was the author of several Reverse Engineering Challenges, including those for Athcon 2011 and 2012, and co-author of the challenge for Athcon 2013. Apart from malware analysis and anti-reversing techniques, he is also interested in security research and exploit development. In the past few years he has found several critical vulnerabilities in software products of various well-known vendors. Kyriakos was an instructor for this course until July 2016.
