eLearnSecurity Advanced Reverse Engineering Of Software - Review

There is a saying, "To understand how something works, you must take it apart and unravel its secrets." That is exactly what reverse engineering is all about: taking things apart to figure out how they work from the inside. If you have a keen interest in software reverse engineering, are curious about how the bad guys actually go about cracking software and developing keygens and patches for it, or are interested in how security professionals analyze complex malware, then the ARES course is for you.

Straight from the horse's mouth: "This advanced reverse engineering training course is highly practical, meaning you will learn things by yourself and not just listen to some instructors and watch. If you like the "learning-by-doing" approach, then this is for you. This is NOT a "learn - repeat - forget" type of training. The course guidance ensures that you will get all the necessary knowledge along the way."

Prerequisites

Before you enroll in this course, note the prerequisites the author mentions.

1) You don't need to already be a reverse engineer to attempt this course; it takes you from a very beginner level up to an advanced level.

2) Knowledge of assembly language would certainly be helpful; however, the author covers the important instructions along the way during the demonstrations. In the written part, the author also provides several references to assembly guides and reference books, so if you are unsure what a particular assembly instruction does, you can quickly look it up.

3) Basic knowledge of programming concepts (variables, strings, functions, pointers, etc.) is required; however, you don't need to be a hardcore programmer to enroll in this course.

The course is divided into three parts:

1) Foundations
2) Technical Part 1
3) Technical Part 2

Foundations

The "Foundations" part covers the theory you need to understand before you dive into the technical parts. The course focuses specifically on the Intel 32-bit (x86) architecture, memory areas such as the stack and the heap, flags, registers, commonly used Windows APIs, and the tools of the trade for reversing.

The author points out that it's not necessary to be a master of assembly language in order to become a successful reverse engineer, which started making sense to me as soon as I finished the technical parts of the course; however, as mentioned before, knowledge of certain programming concepts will surely be a great help. Here is what the author states:

"Probably, you've heard that if you want to become a reverse engineer you have to master assembly language first, which is far from the truth. Of course, being a programmer, especially in a not very high-level language like C/C++, can be very helpful in some concepts like pointers, etc., but in regards to reversing and assembly language, what you really need is to be able to understand what you see. There's no need to write complex programs using assembly."

Technical Part I - Learning how to reverse

"Technical Part 1" goes from very basic software patching up to in-depth analysis of algorithms and Windows APIs. The very first module of this section is "String References & Basic Patching", in which the author explains several methods of patching an executable, such as inverting or NOPing out the conditional jumps that guard a check, to change the program flow. The next module focuses on using the stack to trace back to an algorithm; this comes in handy when we are up against a binary where the strings are encrypted and only decrypted at runtime, so static analysis alone cannot locate the algorithm.
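To make the "basic patching" idea concrete, here is an added example written for this review; it is not code from the ARES course or from eLearnSecurity. It works on a hand-constructed x86-32 serial-check stub (the bytes, offsets and the `run_stub` mini-interpreter are all assumptions made for illustration) and shows the three classic byte-level patches to a conditional jump: NOP it out so execution falls through, turn it into an unconditional `jmp`, or invert the condition by flipping the low bit of the Jcc opcode.

```python
"""Patching x86 conditional jumps at the byte level (added example).

The serial-check stub, its offsets and the tiny interpreter below are
constructed for this illustration and are not taken from any real binary.
"""

SHORT_JCC = range(0x70, 0x80)   # Jcc rel8: opcode byte + 1-byte displacement
NEAR_JCC_PREFIX = 0x0F          # Jcc rel32: 0F 8x + 4-byte displacement
NEAR_JCC = range(0x80, 0x90)


def jcc_length(code: bytes, off: int) -> int:
    """Return the encoded length of the Jcc at `off`, or raise if none is there."""
    op = code[off]
    if op in SHORT_JCC:
        return 2
    if op == NEAR_JCC_PREFIX and off + 1 < len(code) and code[off + 1] in NEAR_JCC:
        return 6
    raise ValueError(f"no conditional jump at offset {off:#x} (byte {op:#04x})")


def patch_jcc(code: bytes, off: int, mode: str) -> bytes:
    """Return a copy of `code` with the conditional jump at `off` patched.

    mode="nop"    -> never jump: the whole instruction becomes NOPs
    mode="jmp"    -> always jump: EB rel8 / E9 rel32, displacement kept
    mode="invert" -> flip the condition (JE<->JNE, JL<->JGE, ...): paired
                     Jcc opcodes differ only in their low bit
    Every patch keeps the instruction length, so no other offsets move.
    """
    n = jcc_length(code, off)
    buf = bytearray(code)
    if mode == "nop":
        buf[off:off + n] = b"\x90" * n
    elif mode == "jmp":
        if n == 2:
            buf[off] = 0xEB                  # JMP rel8, same displacement
        else:
            # E9 rel32 is 5 bytes; lead with a NOP so the instruction still
            # ends at the same address and the rel32 displacement stays valid.
            buf[off] = 0x90
            buf[off + 1] = 0xE9
    elif mode == "invert":
        idx = off if n == 2 else off + 1
        buf[idx] ^= 0x01
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return bytes(buf)


# Constructed serial-check stub (x86-32). Offsets are from the first byte.
#   00: 3D 37 13 00 00     cmp eax, 0x1337
#   05: 75 06              jnz short bad      <- the branch a cracker targets
#   07: B8 01 00 00 00     mov eax, 1         ; "good serial"
#   0C: C3                 ret
#   0D: 31 C0              xor eax, eax       ; bad: "bad serial"
#   0F: C3                 ret
CHECK = bytes.fromhex("3D 37 13 00 00 75 06 B8 01 00 00 00 C3 31 C0 C3")
JNZ_OFF = 5

# Constructed near form of the same branch: jnz rel32 +0x10
NEAR_JNZ = bytes.fromhex("0F 85 10 00 00 00")


def run_stub(code: bytes, eax: int) -> int:
    """Minimal interpreter for the handful of opcodes used in CHECK, so the
    effect of each patch can be observed without a debugger. Not a general
    x86 emulator; it only knows cmp/mov/xor eax, short jz/jnz/jmp, nop, ret."""
    ip, zf = 0, False
    while True:
        op = code[ip]
        if op == 0x3D:                                   # cmp eax, imm32
            imm = int.from_bytes(code[ip + 1:ip + 5], "little")
            zf = (eax & 0xFFFFFFFF) == imm
            ip += 5
        elif op == 0xB8:                                 # mov eax, imm32
            eax = int.from_bytes(code[ip + 1:ip + 5], "little")
            ip += 5
        elif op == 0x31 and code[ip + 1] == 0xC0:        # xor eax, eax
            eax = 0
            ip += 2
        elif op == 0x90:                                 # nop
            ip += 1
        elif op in (0x74, 0x75, 0xEB):                   # jz / jnz / jmp rel8
            rel = int.from_bytes(code[ip + 1:ip + 2], "little", signed=True)
            taken = op == 0xEB or (op == 0x74) == zf
            ip += 2 + (rel if taken else 0)
        elif op == 0xC3:                                 # ret
            return eax
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at {ip:#x}")


if __name__ == "__main__":
    for mode in ("nop", "jmp", "invert"):
        patched = patch_jcc(CHECK, JNZ_OFF, mode)
        print(f"{mode:6}: good serial -> {run_stub(patched, 0x1337)}, "
              f"bad serial -> {run_stub(patched, 0)}")
```

With the original bytes the stub returns 1 only for `eax == 0x1337`; after the `nop` patch every input is accepted, after `jmp` every input is rejected, and after `invert` the check is reversed. The same low-bit trick works on the 6-byte near Jcc form, which is why `patch_jcc` handles both lengths without ever shifting the bytes that follow.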

In the next module, "Algorithm Reversing", the author digs deeper into the world of reverse engineering by analyzing algorithms in detail to find an input that the given algorithm will actually accept as valid, and this is where the real fun starts. The next module, "Windows Registry Manipulation", is more related to reversing malware than to cracking software: the author analyzes an application that tries to read a specific piece of information from the registry. In this module the author also explains the use of hardware breakpoints for monitoring access to specific memory areas. In the next module, "File Manipulation", the author dives into more practical reverse engineering methods, examining an application that tries to read the contents of a specific file on the system.


Technical Part II - Anti-reversing tricks

In the real world, binary analysis is not as easy as you might think; you will encounter various obstacles and protections when doing professional reverse engineering. Developers have come up with several tricks to make binary analysis much harder, such as anti-debugging APIs, code obfuscation, and packers.

The modules give insight into bypassing the most commonly used anti-reversing tricks: defeating anti-debugging mechanisms, de-obfuscating obfuscated code, and manually unpacking a binary. Last but not least, the author covers reversing multi-threaded applications; he points out that analyzing these can be a bit tricky for beginners, but once you understand how threads are created at runtime the process becomes much easier.


Challenges

Each module comes with a unique challenge containing a binary that lets you practically perform the techniques you have learned in the video section of the course. In case you are unable to solve it, don't panic: in the video parts the author walks you through solving the challenge.

Exam And Certification


Once you have mastered all the techniques taught in the course, you can take the eCRE examination, which is divided into two parts: theory and practical. You must score at least 88% in the theory part, which consists of multiple-choice questions.

Once you have passed eCRE Stage 1 (the theory part), you are allowed to attempt eCRE Stage 2, the practical part of the examination: you are given binaries and have 7 days to analyse them and write a formal report. An examiner formally reviews your report, and if you pass you are awarded the title "eLearnSecurity Certified Reverse Engineer".

Launch Webinar

If you would like to see this course in action, I would recommend taking a look at the launch webinar, in which the author gives a live demonstration of analysing an obfuscated binary.


Conclusion


If you are passionate about reverse engineering or dream of pursuing a career as a reverse engineer, then this course is definitely for you. Overall, I would rate the course 9/10, as this is one of the most technical and informative courses I have ever taken.

For further information about the course, please refer to the following link - https://www.elearnsecurity.com/course/advanced_reverse_engineering_of_software/
Reviewed by AC10 Tech on Sunday, April 27, 2014. Rating: 5
