Training at a Glance

Format

  • Classroom training

Audience

  • Embedded system developers
  • Security researchers
  • Analysts

Duration

  • 3 courses
  • 4 days, 8 hours each

Outcomes

  • Expert-level reverse engineering techniques
  • Capable of identifying and mitigating potential vulnerabilities in embedded systems

A Deep Dive into Reverse Engineering

Dive deep into static and dynamic analysis techniques using tools like IDA Pro and GDB. Learn how to dissect system architecture, analyze firmware, and identify common vulnerabilities such as memory corruption and command injection. The goal of the training is to enable security professionals to develop ways to defend against future attacks.

Training Outline

Information gathering and essential knowledge

  • Instruction set architecture
  • System design
  • Functional analysis
  • Firmware images
  • Initial file analysis

Loading binaries and disassembly navigation

  • Loading binaries
  • IDA Pro auto analysis
  • IDA Pro workspace
  • Views: disassembly, hex, and other
  • Cross reference and navigation
  • Configuring the IDA Pro workspace
  • Saving the database

Disassembly manipulation

  • Naming
  • Element types
  • Function properties
  • Adding function prototypes
  • Adding comments
  • ARM architecture introduction

Static analysis I: High-level code mapping

  • Functions and calling conventions
  • Basic code constructs

Static analysis II: High-level data structures

  • Arrays
  • C-like structures
  • Linked lists and related structures
  • C++ objects
  • Identifying data types

Type, structure, and constant information

  • Adding types to variables
  • IDA’s structure handling
  • Identifying standard constants
  • Importing structures

Signatures

  • Library functions
  • FLIRT signatures
  • Applying and creating FLIRT signatures

IDA Pro plugins and scripts

  • IDA extension capabilities
  • Useful plugins
  • Plugin installation and script execution

Dynamic analysis: Debugging and emulation

  • Basic debugging techniques
  • The GNU debugger
  • Scripting GDB
  • Other debuggers
  • Dynamic analysis techniques
  • Emulation vs debugging

Typical software vulnerabilities

  • Command injection
  • Memory corruption
  • Format strings
  • Arithmetic overflows
  • Application of reverse engineering techniques
  • War-game with multiple ARM challenges
