Automated Reverse Engineering
Instructors: Kyle Martin
Dates: June 23 to 26 2025
Capacity: 25 Seats
This class, for experienced reverse engineers, leverages the latest in modern program analysis theory to
simplify and automate many every-day reverse engineering tasks. We'll cover how to model high-level
language patterns and identify them in binaries regardless of target architecture, automate
source-to-sink analysis, build a collection of scripts to run on any binary you open to extract key
program attributes, and so much more. We'll discuss how to use automation in long-term reverse
engineering projects on large code bases and leverage user annotations to make incremental progress
towards your goals, as well as batch processing to make quick, automated decisions and reports on
binaries as they come in the door.
New for 2025, we'll also be covering the use of various machine learning tools in reverse engineering,
where we've found they tend to work well, where they tend to fall short, and how building ML/AI into
your own workflows can massively accelerate your analysis.
KEY LEARNING OBJECTIVES
- Accurately identify common code patterns (such as indexing into a buffer, accessing a structure
member, and various control flow primitives)
- Improve the accuracy of decompilation through scripts, annotating types, functions, and variables
- Identify and account for common decompiler mistakes (decompilation theory)
- Locate and analyze various bug classes such as buffer overflows and use-after-frees.
- Automate reverse engineering tasks such as locating all calls to a function, checking for unbounded
parameters, and source to sink analysis.
- Create plugins for Binary Ninja to customize the reverse engineering experience, support new
architectures and platforms, automate tasks, and so much more!
Course Topic
- Beginner, intermediate, advanced, and real-world exercises
- Leveraging intermediate representations for automated reverse engineering
- Tracking how data is moved and manipulated in a program
- How to identify structures, arrays, and other data types in a program automatically and
cross-architectures
- Recovering classes and inheritance patterns, and public vs private members
- Recognizing pointers and their data
- Automatically locating cryptographic constants and functions
- Automatically deducing and applying data structures
- Automating source-to-sink analysis
- Generating useful program and function metadata
- Using and automating the debugger
- Scripting queries for binaries
- Single Static Assignment form
- Finding data and references
- Dataflow analysis
- Interprocedural analysis
- Writing plugins for Binary Ninja
- Writing custom architecture plugins
- Supporting new binary formats
- Binary patching / transforms / unpacking
- Customizing analysis with workflows
- Migrating from other tools
- Batch processing
- Integrating machine learning and artificial intelligence into static program analysis scripts
- And more!
Included Course Material
- A free non-commercial license of Binary Ninja including one year of updates (can convert to a
license extension or used as a discount for a commercial upgrade upon request)
- Free One-Week Sidekick Trial (New for 2025!)
- Slides
- Example scripts and binaries
- Full answers and working solution scripts at the end of the class!
Prerequisites
Students must be able to read and write intermediate-level Python scripts. A foundation in reverse
engineering, vulnerability research, firmware analysis, or similar is strongly recommended. Students
should be familiar with how the stack works, what the heap is, and some basic vulnerability classes
(buffer overflow, stack smashing, etc). Guided exercises reminiscent of low-point reversing CTF
challenges are integrated into the course, and students should be able to derive their own solutions.
HARDWARE REQUIREMENTS
- A laptop that can run Binary Ninja (Ubuntu 22.04/24.04 x64; Windows 10/11 x64; MacOSX 11+ x64,
MacOSX 12+ arm64)
- (Optional) A VM to run binaries (most binaries are also provided for Linux, Mac, and Windows, though
we often focus on just the Linux versions)
Bio
Kyle Martin is a cyber security software engineer and educator, focused on making all things
"binary" easier for humans to understand. Kyle first started teaching at 15 when he became the head
counselor at a summer-long computer camp, rewriting their C++ and x86 assembly courses. More recently
Kyle led the body of students behind CSAW CTF and CSAW Red, including the internal training initiative
enabling students to write the renowned challenges that distinguished those competitions. Now, Kyle runs
reverse engineering focused trainings internationally. Kyle brings with him the expertise and support of
the entire Vector 35 team, creators of Binary Ninja.
To Register
Click here to register.