DeepSec Training 2024: Software Reverse Engineering Training Course for Beginners – Balazs Bucsay
The training course targets attendees who have little to no knowledge of reverse engineering but possess the ability to write simple programs in a programming language of their choice and also have a desire to learn reverse engineering of compiled applications.
The course spans two days, during which low-level computing and the basics of architectures are explained. The primary target architectures of this course are Intel x86 and AMD x64, where we cover the fundamentals of computing and assembly language. Throughout the course, we will explore how to create basic programs in both C and assembly, and then explore the process of reverse engineering using disassembler, decompiler and debugger on Windows.
Each day of the course emphasises hands-on labs, allowing participants to apply their newly gained knowledge in practical exercises. Theory alone quickly fades, so our primary aim is to help you gain useful, long-term knowledge by putting it into practice.
Every challenge builds upon the previous one to ensure continuous learning and the overcoming of new obstacles. This approach allows knowledge to be built up reliably and quickly, without wasting time, which is one of the major objectives of this training. The labs are fun and entertaining, providing a substantial reward for those who can solve them.
The training employs state-of-the-art tools and techniques that mirror those utilised in real-world situations. Any knowledge gained during the training can be readily applied to real-life objectives following the course.
We asked Balazs a few more questions about his training.
Please tell us the top 5 facts about your training.
- Software Reverse Engineering (SRE) is an essential skill that covers the inner working of computers.
- It has a wide range of applications, including Malware Analysis, Offensive Security Research, Exploit Development, and Intellectual Property Recovery.
- While it may seem like a complex or mysterious skill, our training simplifies and condenses the knowledge, making it an ideal starting point for beginners.
- In just two days, you can grasp the basics, providing a strong foundation for becoming an advanced reverse engineer.
- The course is built around practical examples that reinforce and deepen your newly acquired knowledge.
How did you come up with it? Was there something like an initial spark that set your mind on creating this training?
Looking around today’s training offerings, it appears that most low-level courses, including exploit development and kernel exploitation, require Software Reverse Engineering (SRE) as a prerequisite, yet there is a noticeable lack of such foundational training available.
Why do you think this is an important topic?
Most IT security professionals are gravitating toward high-level technologies, such as cloud security. While these areas are important, it’s also very important to understand low-level concepts, as they can be valuable in the long run.
Is there something you want everybody to know – some good advice for our readers maybe?
If you are interested in the ‘black magic’ of Software Reverse Engineering and have always wanted to learn assembly and Ghidra, this is the course for you!
A prediction for the future – what do you think will be the next innovations or future downfalls for your field of expertise / the topic of your talk in particular?
Regardless of new technologies or the high-level languages favored by most of these days, there will always be a need for people who can read assembly and perform low-level operations.
Balazs Bucsay is the founder & CEO of Mantra Information Security that offers a variety of consultancy services in the field of IT Security. With decades of offensive security experience, he is focusing his time mainly on research in various fields including Red Teaming, Reverse Engineering, embedded devices, firmware emulation, CI/CD and cloud. He gave multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology, he starts the second shift right after work to do some research to find new vulnerabilities.