Course Description
Reverse engineering of binaries is an essential skill for anyone who performs malware analysis, and it is one of the most powerful and in-demand skills in the cybersecurity industry.
In the Reverse Code Engineering course, you will learn step by step how to perform advanced static code analysis by applying reverse-engineering techniques to malware samples.
Throughout this course, you will work hands-on with real malware. By the end of the course, you will have the knowledge and skills needed to begin reverse engineering malware using IDA Pro and Ghidra as disassemblers.
What you'll learn
After completing this course you will be able to:
- Understand how MS Windows works internally (processes, threads, registry, handles, virtual memory, etc.).
- Understand how high-level code compiles into machine code.
- Read x86 assembly code and understand what it does.
- Differentiate between the types of operations in x86 assembly (data movement, arithmetic, bitwise and logical, control transfer and branching, string, others).
- Recognize common code constructs (loops, switch-cases, arrays, structs, etc.) when you see them in x86 assembly.
- Examine the stack layout inside and outside a function.
- Differentiate between global and local variables inside functions in x86 assembly.
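The following C program is an added example, not course material: it puts the constructs listed above (a global variable, a struct, a loop over an array, a dense switch, scaled array indexing, local variables) into one small file, with a comment on each describing the x86 idiom a typical compiler at low optimization (e.g. `gcc -m32 -O0`) emits for it and how IDA renders that idiom. The function names, the checksum formula, the packet layout and the magic value are assumptions made for the demonstration. Compile it with `gcc -m32 -O0 -S -masm=intel example.c` (or build it and load the binary into IDA Pro or Ghidra) and match each comment against the disassembly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Global variable. In the disassembly it is reached through a fixed
 * address (e.g. `mov eax, dword_403000` / `inc dword_403000`; on x64 a
 * RIP-relative operand), so IDA gives it a dword_XXXXXX name and an
 * xref from every function that touches it. */
static uint32_t g_packets_seen = 0;

/* Struct (assumed layout for this example). Field accesses become fixed
 * displacements from a base register: `mov eax, [ecx]` for magic,
 * `mov eax, [ecx+4]` for len, `lea eax, [ecx+8]` for payload. */
struct packet {
    uint32_t magic;
    uint32_t len;
    uint8_t  payload[16];
};

/* Loop over a byte array. Expect: a zeroed counter, a `cmp`/`jnb` (or
 * `jae`) exit test, `movzx eax, byte ptr [esi+ecx]` for buf[i], `shl`
 * and `xor` for the arithmetic, `inc ecx` and a backward `jmp`. `sum`
 * and `i` are locals, shown as `[ebp+var_4]` / `[ebp+var_8]` at -O0. */
uint32_t checksum(const uint8_t *buf, uint32_t len)
{
    uint32_t sum = 0;
    for (uint32_t i = 0; i < len; i++) {
        sum = (sum << 3) ^ buf[i];
    }
    g_packets_seen++;   /* `inc dword_403000` in the listing */
    return sum;
}

uint32_t packets_seen(void)
{
    return g_packets_seen;
}

/* switch on small, dense case values. Expect a bounds check
 * (`cmp eax, 3` / `ja default`) followed by an indirect jump through a
 * table of code addresses (`jmp ds:off_XXXX[eax*4]`), which IDA marks
 * "jump table for switch statement". Sparse case values produce a
 * cmp/jz chain instead, which looks like nested if/else. */
const char *classify(uint32_t cmd)
{
    switch (cmd) {
    case 0:  return "NOP";
    case 1:  return "EXEC";
    case 2:  return "DOWNLOAD";
    case 3:  return "EXIT";
    default: return "UNKNOWN";
    }
}

/* Array indexing. The element access shows up as a scaled-index operand,
 * `mov edx, [ebx+ecx*4]`; the *4 gives away the 4-byte element size. */
int find_slot(const uint32_t *slots, uint32_t n, uint32_t needle)
{
    for (uint32_t i = 0; i < n; i++) {
        if (slots[i] == needle) {
            return (int)i;
        }
    }
    return -1;
}

/* Struct field checks through a pointer (magic value is assumed). */
int packet_valid(const struct packet *p)
{
    return p->magic == 0xC0DEC0DEu && p->len <= sizeof p->payload;
}

int main(void)
{
    /* Constructed sample input for the demonstration. */
    const uint8_t sample[] = "ABC";
    uint32_t slots[] = {10, 20, 30};
    struct packet p = {0xC0DEC0DEu, 8, {0}};

    printf("checksum(\"ABC\") = %u\n", checksum(sample, 3));
    printf("classify(2) = %s\n", classify(2));
    printf("find_slot(30) = %d\n", find_slot(slots, 3, 30));
    printf("packet_valid = %d\n", packet_valid(&p));
    printf("packets seen = %u\n", packets_seen());
    return 0;
}
```

Compiling the same file with `-O2` is a useful second exercise: the loop may be unrolled or vectorized, the switch may become a lookup table of string pointers, and locals move from the stack into registers, which is exactly what makes optimized malware harder to read than this -O0 baseline.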
Use IDA Pro for manual code review of malware (advanced static analysis)
- Install IDA Pro and use its main features (navigation bar, graph view, text and proximity views, other useful subviews, GoTo, command bar, etc.).
- Search for instructions and opcodes.
- Display a chart of xrefs from/to addresses.
- Rename any address and add comments.
- Change data formatting: number to character or decimal representation, operand to symbolic constant, unexplored bytes to data.
- Use the Python command line.
- Execute an IDC or Python script file.
- Install and use plugins (highlight calls, mkYARA, FindCrypt, Snowman decompiler).
- Follow malicious strings and imports (found during basic analysis), then reverse-engineer and understand the functions that use them.
- Reverse the callback function of a low-level keyboard hook (WH_KEYBOARD_LL).
Reverse Engineering Malware with Ghidra
- Install Ghidra and set up your first project.
- Use Ghidra to reverse engineer malware.
- Customize the user interface to suit your reverse-engineering goals.
- Use Ghidra's batch import.
- Decompile JVM bytecode and an ELF MIPS binary.
- Use scripts in Ghidra.
- Analyze main() and DllMain() functions.
- Edit the signature/prototype of a function.
Requirements
Complete the Malware Analysis Fundamentals course.