What is this course about?
IDA and the Hex-Rays decompiler are powerful tools usable by engineers with any skill level; the higher the skills, the better the result.
To get the best out of the products, the people behind IDA regularly organize training sessions to allow users to perfect their understanding of the concepts & methodology.
Training comprises theoretical and practical sections, with hands-on exercises given by experts. Different classes are provided to the needs of students, from entry-level to expert classes aimed at maximizing their capabilities!
Who should attend?
Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus
Analysts, Software Validators, ...
Ready to step up the next level in binary analysis? Scroll down for more information!
training(5 days)
- 18-22 September 2023 (CEST)
- 04-08 December 2023 (EST)
This training will be held ONLINE from 9am to 5pm.
This class provides standard knowledge about IDA by demonstrating its use to analyze binary
programs on
modern operating systems. While the training will be mainly focused on Microsoft Windows
programs, the
skills taught are universal and usable on other IDA supported platforms.
What will be covered in the course:
- Feature oriented introduction to the IDA architecture: The training will focus on making the most of the core IDA disassembly features, its debugger and IDC to dissect real world malware.
- Binary program analysis in IDA: where to begin, how to proceed toward the goal
- The binary level representation of modern programs and how malware abuses conventions through code obfuscation, code hiding, etc. Special techniques to handle obfuscated code.
- Problems encountered during analysis and how to handle them.
- Automating IDA: batch processing, scripts, plugins
Standard Training outline:
- IDA overview
- Common executable file features
- Debugger
- IDC
- IDA features
- Memory organization
- FLIRT
- Type system
- IDS files
- Working with IDA
- Creating the database: various information sources
- Various views of the database
- Navigation
- Modifying the listing
- Patching the program
- With all this information, how do I start my analysis?
- Working with high level data
- Arrays
- Structures
- Enumerations and bitfields
- Advanced operations
- Offsets
- Bulk operations
- Special structure types
- Function prototypes
- Processor specific issues
- Code obfuscation
- Overview of obfuscation techniques
- Countermeasures
- Exercises with several real-world sample files
*An Early Bird Discount of 10% is applicable for registrations made 30 calendar days before the beginning of the Standard session. Organizations registering 5 or more staff members are entitled to a Group Rate. An additional discount is available for registrees for both training sessions. For more information about the discounts, please get in touch with sales@hex-rays.com.
training(3 days)
- 25-27 September 2023 (CEST)
- 11-13 December 2023 (EST)
This training is intended for experienced IDA users who want to take advantage of its open architecture by extending and improving it. Participants will learn how to write modules to modify the listing, react to events, decrypt/uncompressed data right in the database, and many other things. After the course, participants will have solid understanding of its concepts, classes, and programming interface. We will implement several useful plugins. Be prepared to program a lot in this class!
What will be covered in the course:
- IDA architecture overview
- Modules
- Memory representation
- Database organization
- SDK Overview
- Setting up
- Processor module framework
- Loader framework
- Plugin framework
- How to debug custom modules
- IDA subsystems
- Utils: i/o, custom stl, regex, misc
- Database: netnodes and flags
- Foundations: bytes, names, offsets, etc
- Address range class: segments and functions
- Accessing and using IDC
- Cross-references
- Functions
-
- Events
- Type information
- Structures and enums
- Debugger
- User interface
- Graphing
- Decompiler framework
- Plugin programming
- General guidelines
- Plugin samples/exercises
- Colorizer
- Object extractor
- Debugger helper
- Type information
- Graph plugin
- Processor extension
- Reaction to events
*An Early Bird Discount of 10% is applicable for registrations made 30 calendar days before the beginning of the Standard session. Organizations registering 5 or more staff members are entitled to a Group Rate. An additional discount is available for registrees for both training sessions. For more information about the discounts, please get in touch with sales@hex-rays.com.
Your Trainer
Elias is a programmer at heart and a passionate reverse engineer with focus on Windows OS and the x86 architecture. He has been using IDA Pro for at least 22 years. He worked at Hex-Rays where he contributed to the debugger plugins, IDAPython and scripting.
Elias loves writing and teaching. He co-authored 'Practical Reverse Engineering', 'The Antivirus Hacker's Handbook', and authored the Batchography book.
What do you need to attend this training?
We will provide you with the latest version at the training. The package will include a free time-limited copy of the decompiler.
What students think about
the IDA training course
A great way to maximize your use of this tool, even if you are familiar with the very basic functions, there are many non-intuitive but powerful features.
You will learn a lot about IDA and reverse engineering in general from a bird's eye perspective as well as from a low-level perspective.
Gives a very good overview of how to drive IDA programmatically and helps in dramatically simplifying the development environment setup.
Great opportunity to improve your skills.
...