Mosse Cyber Security Applied Reverse Engineering

Length

3 days

Price

$3300.00 (inc GST)

This three-day course combines a deep understanding of reverse engineering with rapid triage techniques to provide students with a broad capability to analyse malicious artifacts uncovered during incident response.

Hardware Requirements:

  • The students are responsible for bringing their laptops to the course.
  • Internet is provided by the training provider.
  • Attendees will have to install a VPN client to connect to the security lab infrastructure.
  • Attendees are required to have an RDP client (installed by default on all Windows machines).

Software Requirements:

  • Windows 7 or above
  • A copy of IDA Pro version 6.0 or greater
  • Administrative privileges on your laptop
  • Virtualization Software
  • Custom VM labs will be provided
  • RDP Client

Please be advised that this is a reseller course which is not held at DDLS. Students are expected to organise their own meals.

Skills Gained

This course will equip students with the skills required to keep up with modern malware and rapidly extract the most valuable and pertinent data to their investigations, including Indicators of Compromise (IOCs).

Rapid Reverse Engineering includes considerable lab time utilising replicated enterprise networks and attacks. Students will leave with an understanding of:

  • How real-world attacks are carried out
  • File triage processes and techniques
  • Intelligence extraction techniques from malware
  • How to deal with binary obfuscation techniques
  • How to get indicators from a file in a hurry

Key Topics

Rapid inspection of various file formats

  • Metadata extraction from PE, PDF, and Office docs
  • Finding buried artifacts in files
  • Mobile malware metadata analysis

Assured Dynamic Analysis

  • Extracting Host IOCs from file formats with dynamic analysis
  • Working with DLLs
  • Splatter network IOC extraction and log file analysis
  • Memory Analysis

Assembly

  • x86 zero to hero
  • ARM zero to hero

Process Tracing for Rapid File Assessments

  • Intro to Intel Pin
  • Code tracing with Pin
  • Shellcode analysis with Pin

IDA Efficiencies

  • Intro to IDA Scripting
  • x86 emulation
  • De-obfuscation techniques

Unpacking

  • Using IDA for unpacking assistance
  • Unpacking in-memory

Android Auto Analysis

  • Android Internals
  • APK Reversing By Hand
  • Automated APK Reversing
  • ARM Bindings and Android

Target Audience

Malware Analyst, Security Analyst, Digital Forensics Investigator, Cyber Incident Responder

Prerequisites

  • Basic understanding of the Windows operating system and utilities, of what the assembly programming language is, and of the benefits of reverse engineering.
  • Recommended to have worked in IT in a technical role for at least 1 or 2 years.

The supply of this course by ACTE Pty Ltd (trading as DDLS) is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.

Course Availability

Please call DDLS on 1800 U LEARN (1800 853 276) or register your interest below.

Pre-Course Requirements

DDLS offers this training through a third party. This arrangement requires DDLS to provide your details to our partner for course registration purposes.