Hex-Rays logo State-of-the-art binary code analysis tools
email icon

What is this course about

IDA and the Hex-Rays decompiler are powerful tools, usable by engineers with any skill level; the higher the skills, the better the result.
In order to get the best out of them, the people behind IDA regularly organize training sessions, to allow users to perfect their understanding of the concepts & methodology.
Training comprises theoretical and practical sections, with hands-on exercises, given by experts. Different classes are provided upon the needs of students, from entry level to expert classes aimed at maximizing its capabilities!

Who should attend?
Security Engineers, Security Software Developers, Researchers, Forensic Specialists, Virus Analysts, Software Validator, ...

Ready to step up the next level in binary analysis? Scroll down for more information!

Hex-Rays training illustration
Closing date of registration:
5 pm CEST, Friday 2nd December 2022

Standard training (5 days)
5-9 December 2022 5999 EUR/USD

This training will be taken place ONLINE from 9am to 5pm (EST time zone)
This class provides standard knowledge about IDA by demonstrating its use to analyze binary programs on modern operating systems. While the training will be mainly focused on Microsoft Windows programs, the skills taught are universal and usable on other IDA supported platforms.

What will be covered in the course:

  • Feature oriented introduction to the IDA architecture: The training will focus on making the most of the core IDA disassembly features, its debugger and IDC to dissect real world malware.
  • Binary program analysis in IDA: where to begin, how to proceed toward the goal
  • The binary level representation of modern programs and how malware abuses conventions through code obfuscation, code hiding, etc. Special techniques to handle obfuscated code.
  • Problems encountered during analysis and how to handle them.
  • Automating IDA: batch processing, scripts, plugins

Standard Training outline:

  • IDA overview
  • Common executable file features
  • Debugger
  • IDC
  • IDA features
  • Memory organization
  • Type system
  • IDS files
  • Working with IDA
  • Creating the database: various information sources
  • Various views of the database
  • Navigation
  • Modifying the listing
  • Patching the program
  • With all this information, how do I start my analysis?
  • Working with high level data
  • Arrays
  • Structures
  • Enumerations and bitfields
  • Advanced operations
  • Offsets
  • Bulk operations
  • Special structure types
  • Function prototypes
  • Processor specific issues
  • Code obfuscation
  • Overview of obfuscation techniques
  • Countermeasures
  • Exercises with several real-world sample files
Closing date of registration:
5 pm CEST, Friday 2nd December 2022

Advanced training (3 days)
12-14 December 20223599 EUR/USD

This training will be taken place ONLINE from 9am to 5pm (EST time zone)
This training is intended for experienced IDA users who want to take advantage of its open architecture by extending and improving it. Participants will learn how to write modules to modify the listing, react to events, decrypt/uncompressed data right in the database, and many other things. After the course, participants will have solid understanding of its concepts, classes, and programming interface. We will implement several useful plugins. Be prepared to program a lot in this class!

What will be covered in the course:

  • IDA architecture overview
    • Modules
    • Memory representation
    • Database organization
  • SDK Overview
    • Setting up
    • Processor module framework
    • Loader framework
    • Plugin framework
    • How to debug custom modules
  • IDA subsystems
    • Utils: i/o, custom stl, regex, misc
    • Database: netnodes and flags
    • Foundations: bytes, names, offsets, etc
    • Address range class: segments and functions
    • Accessing and using IDC
    • Cross-references
    • Functions
    • Events
    • Type information
    • Structures and enums
    • Debugger
    • User interface
    • Graphing
    • Decompiler framework
  • Plugin programming
    • General guidelines
    • Plugin samples/exercises
      • Colorizer
      • Object extractor
      • Debugger helper
      • Type information
      • Graph plugin
      • Processor extension
      • Reaction to events
Elias Bachaalany

Your Trainer

Elias is a programmer at heart and a passionate reverse engineer with focus on Windows OS and the x86 architecture. He has been using IDA Pro for at least 22 years. He worked at Hex-Rays where he contributed to the debugger plugins, IDAPython and scripting.

Elias loves writing and teaching. He co-authored 'Practical Reverse Engineering', 'The Antivirus Hacker's Handbook', and authored the Batchography book.

What do you need to attend this training?

An IDA license with active support period.
We will provide you with the latest version at the training. The package will include a free time-limited copy of the decompiler.
For standard class, good x86 assembly knowledge is required, basic MS Windows API, basic programming skills in any procedural programming languages (C++ is preferred)
For the advanced class, a working C++ compiler is necessary (Visual Studio on Windows, g++ on Linux, clang++ on OS X). This class also requires IDA user skills, programming skills in C/C++ languages, and solid reverse engineering experience.