Study at your own pace
ARES comes with lifetime access to highly technical course material and guided exercises. Learn at your own pace through the PDFs and the HQ video material included.
ARES comes with a number of downloadable executables that you will reverse engineer, guided by step-by-step video labs. An in-depth explanation of every technique is provided.
Obtain the eCRE certification and prove your theoretical understanding and practical skills in Reverse Engineering.
Course at a glance
- Learn from a world-renowned professional reverse engineer
- Start from the basics up to highly technical chapters
- Learn about IA-32 CPU Architecture
- Learn about functions, stack frames, heaps, exceptions, important Ring3 Windows internal structures, PE file format
- Master ImmunityDBG
- Learn about important Ring3 Windows Internal Structures
- Learn different methods to locate the important algorithms
- Understand and bypass Anti-Reversing techniques
- Perform full manual unpacking on packed executables
- Practice based course with dozens of guided exercises
- Challenge your mind with hardcore technical topics
- Obtaining the eCRE certification qualifies you for 40 CPE
- 6 hours of video training material
- 15 highly technical modules
- 10 Win32 applications to reverse engineer
- Self-paced / HTML5, PDF, MP4
- Off-line access available
- Access from PC, Tablet and Smartphone
- Module 1 : The necessary theory Part 1
The first three chapters aim to cover all the necessary theory as well as the concepts on which the practical part of this course is based. We will start with a short description of what Reverse Engineering is and the reasons why someone might need it, and then we’ll proceed with more technical concepts. During the first three chapters we will be discussing the basics behind the Intel IA-32 CPU architecture (x86), the stack, the heaps, as well as exceptions, Windows APIs with some Windows Internals, and the most common types of reversing tools used these days.
- Module 2 : The necessary theory Part 2
So here we are in the second chapter, which is also dedicated to theoretical knowledge necessary for this course. What you always need to keep in mind during this course is that ‘theoretical’ doesn’t actually mean that you might need it… or not. In fact, the theory discussed during these first three chapters covers all the fundamental knowledge and the concepts that you will need, not just for this course and its technical assignments, but for the rest of your time as a reverser.
- Module 3 : The necessary theory Part 3
The third chapter of this course aims to offer some extra theoretical knowledge necessary for the rest of the course. During this chapter we will briefly touch on the concept of heaps, we will discuss handles, exceptions, some basic Windows Ring3 Internal structures, and we’ll review Windows APIs. Finally, we’ll go through the most common types of reversing tools used today for software reverse engineering.
- Module 4 : VA/RVA/OFFSET and PE file format
In this chapter we will be discussing virtual addresses, relative virtual addresses, offsets, as well as some basic information regarding the Portable Executable File Format which describes the basic structure of all Windows executable files.
- Module 5 : String references and basic patching
This chapter is dedicated to ‘String References’ as well as Basic Memory and File Patching. We demonstrate the use of data strings in order to locate the algorithm we are interested in and then we reverse its logic. Finally, we explain how we can manually calculate the offset of a byte inside the physical file by knowing its virtual address in memory.
- Module 6 : Exploring the Stack
This chapter focuses on exploring the data that we can retrieve from the stack in order to trace back an algorithm. This is a very important technique when we have to deal with on-the-fly encryption and decryption of data.
- Module 7 : Algorithm reversing
During this chapter we dig deep into Reverse Engineering by analyzing in detail all the important algorithms of the executable which include the data encryption/decryption algorithm as well as the input data validation algorithm.
- Module 8 : Windows Registry manipulation
This chapter is dedicated to the Windows Registry. We start with an overview of this important Windows component and then we proceed with the detailed analysis of an executable that attempts to read data from the registry and validate it according to a custom algorithm, which we finally Reverse Engineer. Furthermore, during this chapter we also make use of Hardware Breakpoints and we demonstrate their importance.
- Module 9 : File manipulation
During this chapter we Reverse Engineer an executable that attempts to locate a specific file in the system and read data from it. In addition, we once more analyze in detail the custom algorithm used to validate that data in order to extend our skills in Reverse Engineering custom algorithms.
- Module 10 : Anti-Reversing tricks Part 1
This is the first chapter dedicated to Anti-Reversing tricks which includes some basic direct and indirect ways to detect a Ring3 debugger.
- Module 11 : Anti-Reversing tricks Part 2
In this chapter we continue talking about Anti-Reversing tricks, covering methods for detecting debuggers and reversing tools.
- Module 12 : Anti-Reversing tricks Part 3
This chapter is again focused on Anti-Reversing tricks. In this case we discuss differences between SW and HW breakpoints and how these can be detected. We also talk about more advanced tricks that involve the use of exceptions, and finally we talk about some well-known methods for detecting a few popular VM environments.
- Module 13 : Code obfuscation
In this chapter we discuss different types of native code obfuscation methods. We explain how these are implemented, what obstacles they can create, and how we can analyze and clean up obfuscated code.
- Module 14 : Analyzing Packers and Manual Unpacking
This chapter focuses on executable packers and, more specifically, on different generic methods that we can use in order to successfully find the Original Entry Point of applications packed with common packers. We give practical examples and we unpack them together for fun and knowledge.
- Module 15 : Debugging Multi-thread applications
In this chapter we will discuss the debugging and analysis of multi-thread applications, or in other words, applications that are able to execute various blocks of code via different threads. Reverse Engineering multi-thread applications can sometimes be quite frustrating, especially for beginners.
- Basic understanding of x86 assembly language – Covering assembly programming is beyond the scope of the course
- Knowledge of fundamental programming concepts such as variables, loops, functions etc.
This training course is for…
- Reverse Engineers with 0-2 yrs experience
- Malware analysts
- Penetration testers
ARES is a heavily practical training course on Reverse Engineering. As such you will find a number of practical sessions throughout the training course that will help you dig into main course topics and learn even more. The 10 different Windows applications are provided with the course. You will analyse and reverse engineer them step by step, guided by videos and PDF materials. Students who successfully perform all of the practical sessions have proven to be able to reverse engineer the majority of Windows applications available today.
| Lab | Topic | Part |
|---|---|---|
| Lab 1 | String References & Basic Patching | Technical part |
| Lab 2 | Exploring the stack | Technical part I |
| Lab 3 | Algorithm Reversing | Technical part I |
| Lab 4 | Windows Registry Manipulation | Technical part I |
| Lab 5 | File manipulation | Technical part I |
| Lab 6 | Anti Reversing tricks I | Technical part II |
| Lab 7 | Anti Reversing tricks II | Technical part II |
| Lab 8 | Anti Reversing tricks III | Technical part II |
| Lab 9 | Code Obfuscation | Technical part II |
| Lab 10 | Analyzing Packers & Manual Unpacking | Technical part II |