Infosec’s hands-on Reverse Engineering Boot Camp teaches you the necessary analysis skills to discover the true nature of any Windows binary. You’ll learn how to recognize the high-level language constructs (such as branching statements, looping functions and network socket code) critical to performing a thorough and professional reverse engineering analysis of a binary. After learning these important introductory skills, you will advance to the analysis of hostile code and malware, vulnerabilities in binaries, binary obfuscation schemes and more.

You will gain hands-on experience with popular commercial and open-source decompilers and debuggers, as well as learn how to use various hex editors, binary analysis programs and code coverage analyzers. The boot camp also prepares you to pass the Certified Reverse Engineering Analyst (CREA) exam.

• Five days of training with an expert reverse engineering instructor
• Infosec proprietary digital courseware (physical textbooks available to purchase)
• Certified Reverse Engineering Analyst (CREA) exam voucher
• 90-day access to cyber range (Flex Pro)
• 90-day access to course replays (Flex Pro)
• Curated videos from other top-rated instructors (Flex Pro)
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Learn the methodologies, tools, and manual reversing techniques used in real-world situations in our cloud-hosted reversing engineering lab. You’ll learn how to analyze:

• Hostile code and malware, including ransomware, worms, viruses, Trojans, rootkits and bots
• Vulnerabilities in binaries, including format string vulnerabilities, buffer overflow conditions and the identification of flawed cryptographic schemes
• Binary obfuscation schemes used by hackers, Trojan writers and copy protection algorithms
• Additionally, you will learn how to recognize the features of modern optimizing compilers and how to use various hex editors, binary analysis programs and code coverage analyzers

• Malware analysts
• Security researchers
• Professionals looking to gain a technical understanding of malware
• Anyone looking to improve their malware analysis and reverse engineering skills

• Firm understanding of the Windows Operating System
• Firm understanding of computer architecture concepts
• Grasp of the TCP/IP protocols

If you are unsure if you meet the required prerequisites, contact us for a quick network security training skill check.

Infosec’s courseware materials are always up to date and synchronized with the latest CREA exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

We don’t just have great instructors, our instructors have years of industry experience and are recognized as experts. Over the past 15 years, we’ve helped tens of thousands of students get certified and advance their careers.

Day 1: Introduction to malware analysis and reverse engineering
Day one focuses on the fundamental knowledge required for malware analysis and reverse engineering. This day is designed to build critical skills required to proceed further into deeper discussions on reversing. You will also train on special purpose reversing debuggers and disassemblers. Lab exercises will focus on functionality of various reversing tools and basic static and dynamic analysis process.

• Basic static and dynamic analysis
• Reverse engineering concepts and legality
• Machine code
• Assembly language
• System- and code-level reversing
• Assembly basics (registers, operands, instructions)
• Fundamentals of reverse engineering tools (IDA Pro, Radare2)

Day 2: Static and dynamic analysis
Day two encompasses a deep discussion with hands-on content for reversing Windows binaries. Key concepts include identifying code paths, control functions and developing a general understanding of the code to be analyzed. Debugging concepts are introduced and practiced in hands-on lab exercises.

• Recognizing C Code constructs in assembly
• Windows API
• Windows Registry
• Network APIs
• DLLs
• Processes, threads and services
• Debugging process (stepping, breakpoints, modifying execution)
• Kernel debugging
• Debugging tools

Day 3: Analyzing malware functionality and behavior
Day three includes detailed coverage on reverse engineering malware. Focus is on live malware reversing using examples of viruses, Trojans and rootkits collected from the wild.

• Understanding common malware types and functionality
• Process injection and replacement
• DLL injection
• Direct, hook and APC injection and other malware launching technique

• Registry persistence
• Svchost.exe
• Trojanized system binaries
• DLL load order hijacking
• Malware network behavior analysis
• Kernel mode rootkits (SSDT hooking, interrupts)
• User mode rootkits

Day 4: Anti-reversing techniques
Day four works with various anti-reversing techniques that software developers and malware writers put in place to make reverse engineering more difficult.

• Basic anti-reversing strategies
• Anti-disassembly
• Detecting debuggers
• Detecting VM presence
• Analyzing packed executables
• Popular packers (UPX, PECompact, ASPack, etc.)
• Simple obfuscation techniques (XOR swap, junk code, etc.)
• Obscuring through data flow and control flow
• Constant unfolding
• Deobfuscation tools
• Base64 and other encoding schemes
• Common ciphers and encoding schemes
• Reversing ransomware

Day 5: Advanced reversing topics & CREA exam
Day five covers advanced reversing topics as well as the CREA exam. The day ends with you taking the CREA exam.

• Recognizing C++ binaries
• Identifying constructors and destructors
• RTTI
• 64-bit architecture
• WoW64
• 64-bit analysis
• CREA exam overview
• CREA exam