BlackHoodie Virtual will be one virtual class on x86-64 Reverse Engineering, introductory level, split up into 4 two-hour chunks. The trainings will happen October 26 & 29, and November 2 & 5, from 8-10am Pacific Time. Classes will be very hands-on: I do have slides, but only for warm-up, and most of the time we'll be spending inside tools.
The training will be introductory, but very fast paced. Without prior experience on the subject, students are advised to diligently do their homework :) The RE learning curve is steep and 8h isn't much. The prerequisites are having a computer with an internet connection, ideally Windows on x86-64 hardware; otherwise a Windows virtual machine will do. You'll need to be able to install and run IDAPro Community edition, Ghidra, HxD, CFF Explorer and a text editor of your choice.
Having coded in C before and some basic understanding of CPU architecture are very beneficial. The focus of the training will be Windows 64-bit binaries written in C.
Tools to install:
https://www.hex-rays.com/products/ida/support/download_freeware/ - get IDAPro Freeware (only disassembles x86-64, no debugger)
https://www.ghidra-sre.org/ - download and install Ghidra, pay attention to the JDK instructions
https://mh-nexus.de/en/hxd/ - get HxD 2.4
https://ntcore.com/?page_id=388 - get the CFF Explorer standalone
The topics we will cover:
- x86-64 Assembly
- Binary control flow
- Functions, function stack and calling conventions
- Binary formats
- OS API
- Disassemblers & Debuggers
- Exercises
- Exercises
- Exercises