Applied Reverse Engineering
This course combines deep understanding of reverse engineering with rapid triage
techniques to provide students with a broad capability to analyze malicious artifacts
uncovered during incident response. By tailoring the instruction to rapid assessment
of binaries, we equip students with the skills required to keep up with modern malware
and rapidly extract the most valuable and pertinent data to their investigations,
including Indicators of Compromise (IOCs). Rapid RE includes considerable lab time
utilizing replicated enterprise networks and attacks as observed in the wild.
Students will leave with an understanding of:
- How real-world attacks are carried out
- File triage processes and techniques
- Intelligence extraction techniques from malware
- How to deal with binary obfuscation techniques
- How to get indicators from a file in a hurry
Students will spend a significant amount of time creating their own custom tools in a
lab environment. The labs are designed around the students working through the following:
- Recognizing file format infections from various sources
- Advanced triage capabilities
- Extracting host and network indicators from file format exploits
- Developing your own custom process trace capabilities for IOC extraction
- Rapid shellcode analysis using less common tools and techniques
- Rapid binary de-obfuscation techniques with IDA Pro and debuggers
- Rapid unpacking techniques
The labs will be interwoven into the lecture so that students will receive a
significant amount of time exercising these new skills as they learn. By the end of the class
students will have spent 50% of the time in a lab environment. A significant portion of the
class will be dedicated to building new tools, on the fly, to solve the challenges posed
by a difficult adversary.
This course is taught by Mossé Security’s experienced instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services across a multitude of industries, in engagements that have involved complex and multi-faceted approaches. Each of our instructors has the right balance of corporate experience and is skilled in presenting and teaching to groups.
Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.