Teaching

I provide training services to companies, research departments and other organizations.

With current and up-to-date material, covering from the latest improvements to the most commonly used tools and incorporating the latest research developments. I have trained on several occasions for BlackHat and have also provided private training services on several occasions.

Ero Carrera and Pedram Amini

The content can be adapted to suit your research team in order to get them acquainted with the most common tools for reverse engineering and vulnerability analysis.

Miscellaneous tools

Among the topics covered are:

  • Introductions to the most common reverse engineering tools. Paimei, IDA, OllyDBG , BinDiff, BinNavi and others are used in practical cases and techniques leveraging on the their respective strenghts are developed
  • Advanced scripting and automation of analysis tasks
  • Development of techniques to handle unpacking of packed binaries

The training has a very workshop-like feeling, involving the researchers with very hands-on and pratical examples in numerous real-life scenarios. In case of large groups (beyond 15 or 20 people), additional trainers, of the caliber of Pedram Amini, might be available in order to provide a better experience.

Contact

For more information, please contact me directly.

Travel flexibility

I'm generally available to travel to any location worldwide.

Language

Being a native spanish speaker, the training can also be conducted in spanish although most of the textual material only exists in english form.

Some past training events have been:

  • Private training, USA, 2005 (in conjunction with Pedram Amini)
  • Private training, Netherlands, 2005 (in conjunction with Pedram Amini)
  • Black Hat USA, Las Vegas, 2006 (in conjunction with Pedram Amini)
  • Sabre-Security Trainings. Frankfurt, 2006 (in conjunction with Halvar Flake)
  • Black Hat, Washington DC, 2007 (in conjunction with Pedram Amini)
  • Private training, Houston, 2007
  • Black Hat USA, Las Vegas, 2007 (in conjunction with Pedram Amini)
  • Black Hat, Tokyo, May 2007 (in conjunction with Pedram Amini)
  • Sabre-Security Trainings. Frankfurt, October 2007 (in conjunction with Halvar Flake)
  • Black Hat, Tokyo, October 2007 (in conjunction with Pedram Amini)
  • Private training, Bilbao, Spain, 2007

General outline

The training is aimed at developing reverse engineering techniques with a focus on malware such as virus, worms. The components of those are discovered and examined unveiling whether the specific malware includes backdoors, IRC-Bot, mass-mailing, worm, etc. functionalities.

Emphasis is put on techniques to rapidly find components and functionality of interest.

Topics covered

The following are some of the topics that can be covered in the training. Wherever possible a hands-on approach is taken and most sections include exercises.

  • Architecture and OS
    • x86 Architecture
    • MS Windows OS
    Windows memory layout
  • PE File Format
    • Overview and Headers
    • Interactive Walkthrough
    • Import/Export Address Tables
    • Updated PE32+ and Usage Examples
    PE File Format Notes
  • Overview of Analysis Tools
    • Debuggers
    • Disassemblers
    • Decompilers
    • Python
  • Disassembly
    • Crash Course
    • Assembly Patterns
  • IDA Pro
    • Overview of Views
    • Driving IDA
    • IDA Python
  • OllyDBG
    • Overview of Views
    • Driving OllyDBG
  • Executable (Un)Packing
    • Executable Packing
    • Executable Unpacking
  • Anti Reverse Engineering
    • Anti-Debugging
    • Anti-Disassembling
    • Anti-PE Analysis
    • Anti-VMWare and Exercises
  • Binary Diffing and Matching
    • Binary Diffing
    • Example in Malware Analysis
    • Binary Matching
  • Automation of analysis
    • Python scripting
    • Advanced IDAPython
    • pefile and pydasm