MCD - Certified Code Deobfuscation Specialist

Overview

MCSI Certification Programs are truly worldclass with cutting-edge content that offers you uniquely-designed, hands-on practical and challenging exercises that teach skills immediately applicable in the field towards benefiting career advancement.

This Certification has no expiry date, no renewal fees, no hidden fees, and is accessible with no time limits.

MCSI Certified Code Deobfuscation Specialist:
  • Defeat code-level obfuscation techniques to recover the original high-level code
  • Recover protected data such as IP addresses, domain names, keys and other strings
  • Recover the original malware architecture prior to its obfuscated state
  • Produce high-fidelity descriptions of what protected software code does

This Certification focuses 100% on teaching code deobfuscation techniques employed by Advanced Persistent Threats (APTs).

Career Outcomes

Individuals who have successfully achieved their MCD Certification can defeat code-level obfuscation techniques employed by APTs such as Control Flow Flattening, Opaque Predicates, and Virtual Machines. This Certification is aimed at malware analysts that want to develop code deobfuscation capabilities to join advanced reverse engineering teams.

Training Curriculum and Online Assessment

Students must successfully complete 100 practical exercises in MCSI's Online Learning Platform (OLP) prior to undertaking the Final Online Assessment to obtain this Certification.

As an MCSI Certified Code Deobfuscation Specialist you will be fully capable of performing the following:

  1. Apply and remove the following obfuscation techniques:
    • Control Flow Flattening
    • Dead Code
    • Disaligned Branches
    • Function argument randomisation
    • Garbage Insertion
    • Instruction Substitution
    • Merging and Splitting Functions
    • Mixed Boolean Arithmetics
    • Opaque Predicates
    • Split and Merge Variables
    • Virtual Machine Hardening
    • Virtualisation Obfuscation
  2. Develop automated solutions for program analysis:
    • Writing custom disassemblers to recover virtualised instructions
    • Developing Ghidra extensions to identify and remove code protections
    • Patching and rewriting binaries
    • Tracing instructions
    • Decrypting and decoding protected data
  3. Produce high-fidelity descriptions of obfuscated executable code
  4. Recover indicators of compromise protected with encryption and/or encoding
  5. Deobfuscate and recover protected code that can later be recompiled into a clean state

Why MCSI’s Code Deobfuscation Certification is World Class

  • World-Class Requirements Met Are Above Standard: Holders of the MCD Certification have completed 100 practical online exercises thus demonstrating that they have the skills and knowledge in the following areas: code protection analysis, code deobfuscation, program analysis, and program decompilation.
  • Manual Analysis: Students who have obtained this Certification have demonstrated that they have a full understanding of code protection techniques because they have first implemented and defeated them by hand and then developed automated solutions to deal with real-life APT samples.
  • APT Level: Students who have obtained MCD have demonstrated that they can deobfuscate APT malware samples protected with techniques such as Control Flow Flattening, Opaque Predicates and Virtualisation.