Introduction to Reverse Engineering
How can you rapidly identify areas of vulnerability in software, then target those areas with surgical precision? How can you exercise specific code paths with assurance while precisely monitoring your application's behavior? How can you log bug after bug while your teammates watch with envy? The answer lies in one of the most powerful techniques you can apply to software. Technology so lethal to executing software, it's almost not fair.
| Contact Hours: | 40 hr Lecture, 32 hr Labs |
| Prerequisites: | Understanding of TCP/IP Protocols |
| Credits: | 72 CPE / 3 CEU |
| Method of Delivery: | Residential (100% face-to-face) or Hybrid |
| Method of Evaluation: | 1. 95% attendance 2. 100% completion of Lab |
| Grading: | Pass = Attendance + labs & quizzes; Fail > 95% Attendance |
Sample Job Titles:
Application Security Tester
Information Systems Security Engineer
Quality Assurance (QA) Tester
Research & Development Engineer
Research & Development Research Engineer
Security Systems Engineer
Software Quality Assurance (QA) Engineer
Software Quality Engineer/ Systems Engineer
Testing and Evaluation Specialist/ Web App Developer
This 72-hour accelerated class is taught in either a face-to-face or a hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam. Passing the final exam is a requirement for graduation.
- Students will be able to produce software components that satisfy their functional requirements without introducing vulnerabilities
- Students will be able to describe the characteristics of secure programming
Machines: Dual Core, 4M RAM, 350 Gig drives, running MS OS, Linux, and VMware Workstation
Tools for class - Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, NMap, HTTrack, Superscan, Nessus, PSTool, Nbtstat, Solarwinds, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap system hacking, John the Ripper, Wireshark sniffers, TCP dump, Dsniff, tcpdump, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, Etherape, Firefox with plugins (Hackbar, XSSme...), WebGoat, IDA Pro, Saint, X Wget, Crypto tool, 'Curl', Fortify, Ounce.
A complementary skill set that will immediately set you apart from your peers. After reverse engineering training, they will never look at software quite the same again. Learn the foundation for acquiring data and identify vulnerable 'hot spots' in your application.
hex editors, disassemblers, resource editors.
Shatter the myth that binary code represents unintelligible and unchangeable hexadecimal values. You will learn the basics of assembly language on the Intel architecture. The knowledge gained in this first segment on assembly will be one of the key building blocks to understanding the output of common reverse engineering tools and learning to write exploit code for buffer overruns. The class will then proceed to teach you how to use IDA Pro, the most powerful and widely used disassembler on the market. During this course you will be exposed to several such tools, including SoftICE and Holodeck (our powerful fault injection tool).
Next, we give you insight into the most common security flaw that plagues modern software: the buffer overflow. We will dissect this type of vulnerability in depth and walk you through the anatomy of a buffer overflow. After this introduction, we proceed through hands-on exercises to help you uncover potential buffer overflows in applications using tools such as IDA Pro and Olly Debugger. Next, we teach you how to determine if a buffer overflow is exploitable and the theory behind exploits.
Who Should Attend?
This is an essential course for software testers, software developers, development and test managers, and anyone involved in software production.
Lesson Plan 40 hrs lecture/ 32 hrs labs
Lesson 1 1 hr Lecture 1 hr Labs
I. Introduction to Reverse Engineering
State of the art
4 hrs Lecture 2 hr Labs
II. Assembly for Reverse Engineers
Instruction set review
High-level language mapping
Lesson 2 4 hrs Lecture 4 hr Labs
III. The Reverse Engineer's Toolset
Lesson 3 4 hrs Lecture 5 hr Labs
IV. Vulnerability analysis and exploitation using reverse engineering techniques
Intro to IDA Pro
Lesson 4 3 hrs Lecture 4 hr Labs
V. Finding Vulnerabilities through Binary Scanning
- Problem scope
- Vulnerable functions
- High level language
- Binary signatures
- Hands on: Scripting IDA to recognize vulnerabilities in binary code
Lesson 5 4 hrs Lecture 4 hr Labs
VI. Bug Advocacy: Exploiting Vulnerabilities
Locating code flaws with hostile testing
Engineering opcode exploits
Hands on: Intro shellcode lab
Hands on: Advanced shellcode lab
1 hr Lecture 0 hr Labs
VII. Wrap up
Course summary and closing
75-question online exam
Grades - All students must ordinarily take all quizzes, labs, and the final exam, and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself on Friday of class. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real-world scenarios. Each lab escalates upon itself, increasing in intensity, rising to the next level, while you're mitigating the threat step by step.
Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are available at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.
Those Less Comfortable - Hacking for Dummies, Kevin Beaver - Publication Date: January 29, 2013 | ISBN-10: 1118380932 | Edition: 4
For Those More Comfortable - The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson (Jun 24, 2013)
The book below is recommended for those interested in understanding how their own computers work for personal edification:
How Computers Work, Ninth Edition, Ron White, Que Publishing, 2007, ISBN 0-7897-3613-6
This last book below is recommended for aspiring hackers, those interested in programming techniques and low-level optimization of code for applications beyond the scope of this course. Hacker's Delight, Second Edition, Henry S. Warren Jr., Addison-Wesley,