Instructors: Nicolas Brulez
Dates: May 30-June 2 2022
Location:  Hotel Monville
Capacity: 25 Seats

This 4 days course is a hands on training. We are going to reverse engineer samples and code our own scripts. A minimum number of slides will be provided when methotology is needed, but students will "learn by doing".


Class Outline

Day 1 Unpacking + Unobfuscation using IDA Pro processor extension plugins (nanomites)

Day 2 Unpacking Malwares : Emotet, Grandcrab, Guloader etc

Day 3 Advanced Malware Analysis : Symbolic Execution , IDA Python Scripting etc

Day 4 APT Reverse Engineering


This class is intended for students who have been working with malware and doing reverse engineering in the past. Professionals doing Forensics Investigations, Incident Response, Malware Analysis can benefit from the course as long as they have the prerequisites listed below.

Class Requirements


Students should be familiar with Debugging and IDA Pro: The class is not an introduction to reverse engineering. Students should be familiar with Assembly: We won't cover assembly basics during the class

Students should have a laptop with required software installed before attending the class.

Software requirement:

- Legit version of IDA Pro >=7

- Virtual Machine with windows 10 installed

- x64dbg

- Python 3

- PE Editor of your choice

- Hex Editor or your choice

- FASM assembler


Nicolas Brulez is the founder (2020) and CEO of HEXORCIST, a company that specializes in providing reverse engineering and malware analysis training. Prior to that, he worked for eight years as Principal Malware Researcher in the Global Research and Analysis Team at Kaspersky and was leading the Malware analysis reversing classes. Nicolas also worked as a senior virus researcher for Websense Security Labs where he conducted malware Reverse Engineering and programmed generic unpacking tools. He is also a co-author of the Armadillo Protection system. Over the past 20 years, Nicolas has authored numerous articles and papers on reverse engineering and virus analysis. He was the only instructor at the first RECON conference in 2005 and is still teaching there more than 15 years later. As well as RECON, Nicolas has presented at Pacsec, ToorCon, SSTIC, Virus Bulletin, Hacker Halted, RuxCon, TakeDownCon etc.

To Register

Click here to register.