Training and Seminars

We are happy to announce the location and date of our annual European IDA Pro trainings. They will be held in the same hotel as the last year - Ramada Plaza Hotel - in December 2009:

• STANDARD IDA Pro training: 7-9 december
• PROGRAMMING for IDA Pro: 10-11 december

The tranining will have the theoretical and practical parts. After each section of the theoretical material, there will be hands-on exercises for deep understanding of the learned concepts and methods. We updated the training to include the latest additions: for example, the Bochs and Windbg debuggers will be covered. Also there will be more scripting exercises (in Python too).

The training will be held at the Ramada Plaza Hotel, Liege, Belgium.

Please mention Hex-Rays IDA Pro training when booking your room to get the preferential rate of 89 EUR per night (parking and breakfast included).

The cost:

• 2989 EUR (4260 USD) standard training
• 1989 EUR (2840 USD) advanced training

This includes: the class fee, the training handbook and DVD, lunch and coffee breaks.

The order form is available here: and

You will get a 10% discount if you order before 16 October 2009.

Requirements:

• An IDA license with active support period. There is no need to bring your copy of IDA with you, we will provide you with the latest version at the class. The package will include a free time-limited copy of the decompiler.
• Please bring your laptop with you. For the programming class, we will ask you to have a compiler installed (Visual Studio or Borland compilers are preferred).

Standard IDA Pro training (3 days)

IDA Pro - the binary software analysis tool

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: in depth x86 assembly knowledge, basics MS Windows API, basic programming skills in any procedural programming languages (C/C++ is preferred)

This training will show how to use IDA Pro to analyze binary programs of modern operating systems. While the training will be mainly focused on programs running under MS Windows, the acquired methods and principles are universal: they can be used on any other platform as well.

Diverse topics will be covered during the training, including the following:

• IDA Pro overview
• Common executable file features
• Debugger
• IDC

• IDA features
• Memory organization
• FLIRT
• Type system
• IDS files

• Working with IDA Pro
• Creating the database: various information sources
• Various views of the database
• Navigation
• Modifying the listing
• Patching the program
• With all this information, how do I start my analysis?

• Working with high level data
• Arrays
• Structures
• Enumerations and bitfields

• Advanced operations
• Offsets
• Bulk operations
• Special structure types
• Function prototypes
• Processor specific issues

• Code obfuscation
• Overview of obfuscation techniques
• Countermeasures
• Exercises with several real-world sample files

The training material has been updated to cover the latest additions to IDA Pro.

Programming for IDA Pro (2 days)

IDA Pro - extending and building upon it

Who should attend: Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: IDA Pro user skills, programming skills in C/C++ languages

This training is intended for experienced IDA Pro users who want to take advantage of its open architecture by extending and improving it. You will learn how to write modules to modify the listing, react to events, decrypt/uncompress data right in the database, and many other things. After the course you will have solid understanding of its concepts, classes, and programming interface.

We will implement a few useful plugins. Be prepared to program a lot in this training!

C/C++ programming skills as well as solid reverse engineering experience are required.

• IDA Pro architecture overview
  • Modules
  • Memory representation
  • Database organization
• SDK
  • Setting up
  • Processor module framework
  • Loader framework
  • Plugin framework
  • How to debug custom modules
• IDA Pro subsystems
  • Utils: i/o, custom stl, regex, misc
  • Database: netnodes and flags
  • Foundations: bytes, names, offsets, etc
  • Address range class: segments and functions
  • Accessing and using IDC
  • Cross-references
  • Functions
  • Events
  • Type information
  • Structures and enums
  • Debugger
  • User interface
  • Graphing
  • Decompiler framework
• Plugin programming
  • General guidelines
  • Plugin samples/exercises
    • Colorizer
    • Object extractor
    • Debugger helper
    • Type information
    • Graph plugin
    • Processor extension
    • Reaction to events

What our students say

"Excellent training. Would recommend highly."

"Great class to learn about the powerful features of IDA Pro."

"Very organized, excellent selection of exercises. They build on one another."

"It was the best reverse engineering course I have ever attended."

"Come prepared. A lot was covered. Learning environment was excellent. Staff are very professional. Learned & gained new skills."

"It is a great course for not only using the tool, but for general understanding of binaries."

"This class is indispensible to a beginning RE, make sure to brush up on assembly instructions and concepts."

According to our students, the pace is a little fast, so be prepared for an intensive training!

Order forms

The order forms are available in two formats:

• Adobe Reader (PDF)
• Microsoft Word (DOC)