Automated Reverse Engineering

Instructors:  Kyle Martin
Dates:  June 23 to 26 2025
Capacity:   25 Seats

This class, for experienced reverse engineers, leverages the latest in modern program analysis theory to simplify and automate many every-day reverse engineering tasks. We'll cover how to model high-level language patterns and identify them in binaries regardless of target architecture, automate source-to-sink analysis, build a collection of scripts to run on any binary you open to extract key program attributes, and so much more. We'll discuss how to use automation in long-term reverse engineering projects on large code bases and leverage user annotations to make incremental progress towards your goals, as well as batch processing to make quick, automated decisions and reports on binaries as they come in the door.

New for 2025, we'll also be covering the use of various machine learning tools in reverse engineering, where we've found they tend to work well, where they tend to fall short, and how building ML/AI into your own workflows can massively accelerate your analysis.

 

KEY LEARNING OBJECTIVES

• Accurately identify common code patterns (such as indexing into a buffer, accessing a structure member, and various control flow primitives)
• Improve the accuracy of decompilation through scripts, annotating types, functions, and variables
• Identify and account for common decompiler mistakes (decompilation theory)
• Locate and analyze various bug classes such as buffer overflows and use-after-frees.
• Automate reverse engineering tasks such as locating all calls to a function, checking for unbounded parameters, and source to sink analysis.
• Create plugins for Binary Ninja to customize the reverse engineering experience, support new architectures and platforms, automate tasks, and so much more!

Course Topic

• Beginner, intermediate, advanced, and real-world exercises
• Leveraging intermediate representations for automated reverse engineering
• Tracking how data is moved and manipulated in a program
• How to identify structures, arrays, and other data types in a program automatically and cross-architectures
• Recovering classes and inheritance patterns, and public vs private members
• Recognizing pointers and their data
• Automatically locating cryptographic constants and functions
• Automatically deducing and applying data structures
• Automating source-to-sink analysis
• Generating useful program and function metadata
• Using and automating the debugger
• Scripting queries for binaries
• Single Static Assignment form
• Finding data and references
• Dataflow analysis
• Interprocedural analysis
• Writing plugins for Binary Ninja
• Writing custom architecture plugins
• Supporting new binary formats
• Binary patching / transforms / unpacking
• Customizing analysis with workflows
• Migrating from other tools
• Batch processing
• Integrating machine learning and artificial intelligence into static program analysis scripts
• And more!

Included Course Material

• A free non-commercial license of Binary Ninja including one year of updates (can convert to a license extension or used as a discount for a commercial upgrade upon request)
• Free One-Week Sidekick Trial (New for 2025!)
• Slides
• Example scripts and binaries
• Full answers and working solution scripts at the end of the class!

Prerequisites

Students must be able to read and write intermediate-level Python scripts. A foundation in reverse engineering, vulnerability research, firmware analysis, or similar is strongly recommended. Students should be familiar with how the stack works, what the heap is, and some basic vulnerability classes (buffer overflow, stack smashing, etc). Guided exercises reminiscent of low-point reversing CTF challenges are integrated into the course, and students should be able to derive their own solutions.

HARDWARE REQUIREMENTS

• A laptop that can run Binary Ninja (Ubuntu 22.04/24.04 x64; Windows 10/11 x64; MacOSX 11+ x64, MacOSX 12+ arm64)
• (Optional) A VM to run binaries (most binaries are also provided for Linux, Mac, and Windows, though we often focus on just the Linux versions)

Bio

Kyle Martin is a cyber security software engineer and educator, focused on making all things "binary" easier for humans to understand. Kyle first started teaching at 15 when he became the head counselor at a summer-long computer camp, rewriting their C++ and x86 assembly courses. More recently Kyle led the body of students behind CSAW CTF and CSAW Red, including the internal training initiative enabling students to write the renowned challenges that distinguished those competitions. Now, Kyle runs reverse engineering focused trainings internationally. Kyle brings with him the expertise and support of the entire Vector 35 team, creators of Binary Ninja.

To Register

Click here to register.