This course covers the fundamentals of reverse engineering and static malware analysis. Students will learn about visual inspection, disassembly using tools like IDA Pro and Ghidra, working with structures, applying structures, creating IDA plugins and Ghidra scripts, and analyzing source code. The teaching method includes lectures and practical demonstrations. The course is intended for individuals interested in cybersecurity, reverse engineering, and malware analysis.
Overview
Syllabus
Intro
The boring disclaimer
A few definitions
Why bother?
The sample
visual inspection
The checklist
Tools of the trade
disassembly, IDA Pro
Stage 2: disassembly, Ghidra
Stage 2: Structures!
Stage 2: Structures. This is the IDA way.
Stage 2: Structures. The Ghidra way.
Stage 2: Structures. The hard way.
Stage 2: Structures. The hard way, in Ghidra
Stage 2: Applying structures, IDA Pro
Stage 2: Fields of structures
Stage 2: Local types
Stage 2: Applying structures, Ghidra
Stage 2: Next pointer
Stage 2: Next steps
Stage 2: Where to next?
Now you make the tools
Stage 3: The task
Stage 3: IDA plugin
Stage 3: Ghidra script
Stage 3: Common parts
Stage 3: The data
Stage 3: Action!
Stage 3: The source code
Areas for development
Taught by
Kaspersky
