This training focuses primarily on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques.
This comprehensive four-day training course is meticulously designed for professionals seeking in-depth knowledge and practical skills in advanced fuzz testing techniques on UNIX (Linux, macOS, ...). The course encompasses a thorough exploration of leading fuzzing tools such as AFL++, libafl, honggfuzz, and libFuzzer, providing an end-to-end perspective on the full fuzz testing workflow. We will look at targets with source code but also binary-only targets.
Code obfuscation has become a vital tool to protect, for example, intellectual property against
competitors. In general, it attempts to impede program understanding by making the to-be-protected
program more complex. As a consequence, a human analyst reasoning about the obfuscated code has to
overcome this barrier by transforming it into a representation that is easier to understand.
In this training, we get to know state-of-the-art code obfuscation techniques and look at how these
complicate reverse engineering. Afterwards, we gradually familiarize ourselves with different
deobfuscation techniques and use them to break obfuscation schemes in hands-on sessions. Thereby,
participants will deepen their knowledge of program analysis and learn when and how (not) to use
different techniques.
Covering Windows 11 (23H2), the upcoming Windows 11 "Germanium" (24H2), and Server 2025, you'll unravel how bootkits, software supply chain implants, backdoors, and other kernel and firmware malware work. You'll learn how they, and others, abuse various system functionality, obscure mechanisms, and data structures in order to do their dirty work, and how you, too, can defend against it! You'll observe and experiment with how kernel-mode code operates and how it can be subject to compromise by user-mode attackers wishing to elevate their privileges, as well as how to detect such attempts, both live and forensically. Finally, you'll learn how CPU architecture deeply ties into OS design, and how Intel's and AMD's mistakes can lead to more pwnage. We'll cover the new Windows 11 kernel changes, including Kernel Data Protection (KDP), eXtended Control Flow Guard (XFG), and Kernel Control-flow Enforcement Technology (KCET), and explain how the Trusted Platform Module (TPM) is used for Measured Boot. We'll go inside the Octagon and learn about System Guard Runtime Assertions and the rewritten Secure Launch framework that leverages Intel TXT and AMD SKINIT for new DRTM-based attestation.
When it comes to encrypted devices, one may want to gather embedded evidence while another would like to be able to check whether a hardware backdoor is present or whether the component and/or its embedded firmware (boot ROM / user code) contain intrinsic breaches that could be exploited by an attacker. The primary goal of this training is to provide Digital Forensics & Security Professionals as well as Government Services the skills, mindset and background information necessary to successfully:
- Recover ICs' internal architectures
- Evaluate the efficiency of existing countermeasures
- Extract NVM contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware and extract secret information
Students will be shown how such information can be used to define easier methods to find / exploit firmware + hardware weaknesses for vulnerability analysis as well as for embedded evidence extraction purposes. Concretely, students who complete this course will:
- Find out how to perform low-level hardware reverse engineering
- Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
This class, for experienced reverse engineers, leverages the latest in modern program analysis theory to
simplify and automate many every-day reverse engineering tasks. We'll cover how to model high-level
language patterns and identify them in binaries regardless of target architecture, automate
source-to-sink analysis, build a collection of scripts to run on any binary you open to extract key
program attributes, and so much more. We'll discuss how to use automation in long-term reverse
engineering projects on large code bases and leverage user annotations to make incremental progress
towards your goals, as well as batch processing to make quick, automated decisions and reports on
binaries as they come in the door.
New for 2025, we'll also be covering the use of various machine learning tools in reverse engineering,
where we've found they tend to work well, where they tend to fall short, and how building ML/AI into
your own workflows can massively accelerate your analysis.
This course introduces you to the low-level internals of the iOS and macOS kernels from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis/detection or kernel exploit development. While this course concentrates on macOS Sequoia on the ARM64 CPU architecture, the latest security enhancements of iOS 18 and some differences to the x86_64 architecture will also be discussed. The course material has been updated from the previous runs of the training.
Baseband exploitation is often considered the cream of the offensive security field. In the last decade, only a handful of such exploits were publicly released. As a result, many researchers view the ability to silently achieve code execution on a victim's device by emulating a GSM or LTE base station as a difficult objective.
In reality, baseband exploitation is not as challenging! By following a simple list of steps, a baseband platform can be quickly opened up for research, debugging and exploitation. In this course, students will learn our systematic approach to baseband research - from setting up a fake base station using SDR and open-source BTS software, to achieving initial debugging abilities using our embedded hooking framework, and finally reverse engineering the relevant protocols, hunting for bugs and exploiting them.
This course focuses on automating reverse engineering (RE) processes for malware and firmware analysis using Neural Networks (NN), Natural Language Processing (NLP), and Large Language Models (LLMs). Participants will explore Blackfyre, an open-source system integrating a Ghidra plugin and Python library for binary analysis, as well as BinaryRank, a linear-complexity algorithm for enhancing NLP-based binary data representations. The curriculum covers NN and NLP applications for threat classification, anomaly detection, function name prediction, and similarity detection, alongside advanced topics like LLMs for summarization, signature generation, and report creation. Designed for those with a solid foundation in RE, Python object-oriented programming, and ML concepts (e.g., supervised learning, feature extraction, precision, and recall), this course equips participants with the skills to apply advanced NN/NLP/LLM techniques to automate RE tasks.
The Rust Development for Cyber Security training is a 4-day intensive program designed to equip
participants with the skills to use Rust for building robust defensive and offensive security tools.
Starting with Rust fundamentals, including memory safety, concurrency, and modular design, the course
progresses into practical applications such as OSINT tools, in-memory forensics, port scanning, and
Remote Access Tool (RAT) development.
The training culminates in a hands-on project to build an antivirus and Endpoint Detection and Response
(EDR) tool, integrating network traffic monitoring and advanced forensics. Combining theory with
practical exercises, this course prepares participants to apply Rust effectively in real-world
cybersecurity scenarios.
This 4-day training combines two comprehensive modules, focusing on reverse engineering Rust binaries (Days 1-2) and Golang binaries (Days 3-4). Participants will gain hands-on experience with tools, techniques, and advanced malware analysis, concluding with a capstone project to reinforce their skills. Designed for malware analysts, reverse engineers, and security professionals, this course provides the knowledge needed to tackle real-world reverse engineering challenges in modern programming languages.
This intensive 4-day training equips participants with cutting-edge fuzzing techniques and real-world applications, focusing on Windows environments, structured file fuzzing, and advanced vulnerability research. The training combines theoretical foundations, practical labs, and case studies to prepare participants for professional fuzzing and vulnerability discovery challenges.
A 4-day Linux kernel exploitation frenzy!
This training guides researchers through the field of Linux kernel exploitation. In a series of
practical labs, the training explores the process of exploiting kernel bugs in a modern Linux
distribution on the x86-64 architecture.
The training is structured as a series of lectures, each followed by one or more hands-on labs. The goal
of each lab is to write a Linux kernel exploit following the techniques described during the lecture.
This training will equip students with an understanding of modern virtualization architecture and attack surfaces with a focus on KVM, while also looking at Samsung Knox's Real-time Kernel Protection (RKP) and Huawei's Hypervisor Execution Environment (HHEE). Through structured labs, students will build the intuition to be able to effectively find and exploit design flaws and memory corruption issues within hypervisors, and attack hypervisor-enforced security mechanisms.
Hypervisors are complex software that play a critical role in modern infrastructure, but like any
software, they're not immune to flaws which can be exploited by sophisticated attackers. This training
dives into the technical depths of virtualization technologies and explores the flaws leading to virtual
machine (VM) escapes. During this training, you will be able to sharpen your skills on multiple
platforms from the initial analysis of a target to exploiting real world vulnerabilities.
The course explores the attack surfaces hypervisors expose to their guests, both statically and
dynamically. By breaking down how virtual machines communicate with hypervisors and their internal
components, participants will learn to apply their existing vulnerability research and exploitation
skills to any virtualization software. The training also provides detailed insights for each studied
target, including their architectures, typical vulnerabilities, and guidance for effective bug hunting.
This fast-paced 4-day course will introduce students to reverse engineering Linux malware, starting off
with a dense recap of x86-64 reverse engineering and Linux internals, leading through common and
advanced Linux malware, Linux evasion tricks and packers, and closing off with a primer on analysis
automation using scripting of a reverse engineering framework.
Students will walk away with a deep understanding of Linux binary analysis techniques and knowledge of
the Linux threat landscape, being able to dissect advanced Linux malware in their day to day operation.
This fast-paced course will teach you how to reverse engineer real-world CVEs on Windows using open-source tools. Starting from a simple description of a vulnerability, you'll progress to identifying its root cause through hands-on exercises. The training emphasizes practical application, focusing on analyzing recent CVEs and their corresponding binaries. You'll learn a step-by-step approach to modern patch diffing, including best practices, common pitfalls to avoid, and useful scripts to enhance your workflow.
In addition to patch diffing, the course focuses on both static and dynamic vulnerability analysis, allowing you to develop exploits and exercise the vulnerabilities you identify (and even learn to use AI to kickstart your POCs!). With short topical lessons and practical exercises, you'll gain confidence in your ability to analyze and understand modern vulnerabilities.
Don't let gaps in your knowledge keep you in the dark - take a step into the light. Sign up for this course and learn the skills needed to transition from knowing about a vulnerability to truly understanding it.
Fault Injection is often the weapon of choice for breaking into devices when exploitable software
vulnerabilities are not known or absent. While Fault Injection attacks are nowadays common, typical
concepts, methodologies, techniques, and attacks are often not sufficiently understood. While simply
glitching a target can yield results, it's important to note that this approach alone doesn't
facilitate the creation of innovative attacks.
In this training, students will experience and appreciate the Art of Fault Injection (TAoFI) to exploit
the full potential of Fault Injection attacks.
This class is designed to introduce students to the most effective tools and techniques for applying
cutting-edge deep learning-based artificial intelligence to cybersecurity tasks. By leveraging AI-driven
automation, students will explore new ways to enhance security workflows and optimize vulnerability
research.
We will take a deep dive into modern AI architectures, focusing on how deep learning models can assist
in areas such as malware analysis, reverse engineering, vulnerability research, and penetration testing.
Students will learn to train, fine-tune, and apply large language models (LLMs) to solve real-world
cybersecurity challenges, integrating AI-driven solutions into their daily operations. The course will
provide hands-on experience with model training, embeddings, vector search, and advanced security
automation techniques.
Through practical exercises, students will gain proficiency in using AI to automate security tasks. By
the end of the course, attendees will have the skills and knowledge to incorporate deep learning-based
AI solutions into their cybersecurity workflows, enhancing both efficiency and effectiveness.
You can check out https://summoning.team/ for a better presentation
of this training.
In this 4-day training course, we will be exploiting 15+ remote code execution chains (a total of 25
single bugs). These vulnerabilities will all be unique in their style and target real-world software.
In the class, we'll walk you through bypassing mitigations, discovering and chaining complex
vulnerabilities, the tricks and techniques specific to each target, and many more exciting subjects.
This is going to be 32 hours of intensive reverse engineering and exploitation to develop your
intuition for finding and exploiting bugs in .NET environments.
This course introduces students to modular implant design. While it focuses on the Windows operating system, many of the topics are applicable to other systems with slight modifications. This course takes an opinionated approach to implant development that asserts payloads should be as complex as they need to be and no more. In particular, it should be easy to extend implant functionality, selectively compile in features and adjust to the quirks of the environment they are deployed in. Lectures cover strategies for designing flexible implants and labs will center around developing a command and control server, with an implant derived from sHELL (hell shell).
sHELL (Hell shell): a hellish way to develop a shell. sHELL is a teaching shell that demonstrates one strategy for building modular implants: custom dynamic linking. In particular, each command that the shell supports is implemented in a separate binary file referred to as a module. At runtime, the main program can load a module and extend runtime functionality. To start with, sHELL supports loading DLL modules from disk. As the course progresses, students will work to add functionality, implement loaders for other types of modules, and improve opsec.
This training provides an in-depth, hands-on approach to reverse engineering embedded systems, covering firmware analysis, hardware debugging, and PCB reverse engineering. Participants will extract, analyze, and modify firmware using advanced techniques in Ghidra while learning to decode proprietary communication protocols with logic analyzers. The course also explores hardware-focused attacks, including live data exfiltration via debugging interfaces such as SPI, JTAG, and SWD, as well as chip depopulation and deadbugging methods for accessing embedded storage. Additionally, participants will reverse-engineer PCBs to map critical components, identify attack vectors, and reconstruct undocumented hardware designs.