This training focuses primarily on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques.
click here for more details
This four-day training course is designed for professionals seeking in-depth knowledge and practical skills in advanced fuzz testing on UNIX-like systems (Linux, macOS, ...). The course covers the leading fuzzing tools AFL++, LibAFL, honggfuzz and libFuzzer, giving an end-to-end view of the full fuzz testing workflow. We will look at targets with source code as well as binary-only targets.
click here for more details
Code obfuscation has become a vital tool for protecting, for example, intellectual property against competitors. In general, it attempts to impede program understanding by making the protected program more complex. As a consequence, a human analyst reasoning about the obfuscated code has to overcome this barrier by transforming it into a representation that is easier to understand.
In this training, we get to know state-of-the-art code obfuscation techniques and look at how they complicate reverse engineering. Afterwards, we gradually familiarize ourselves with different deobfuscation techniques and use them to break obfuscation schemes in hands-on sessions. In doing so, participants deepen their knowledge of program analysis and learn when and how (not) to use the different techniques.
click here for more details
Covering Windows 11 (23H2), the upcoming Windows 11 "Germanium" (24H2), and Server 2025, you'll unravel how bootkits, software supply chain implants, backdoors, and other kernel and firmware malware work. You'll learn how they, and others, abuse various system functionality, obscure mechanisms, and data structures in order to do their dirty work, and how you too can defend against it! You'll observe and experiment with how kernel-mode code operates and how it can be subject to compromise by user-mode attackers wishing to elevate their privileges, as well as how to detect such attempts, both live and forensically. Finally, you'll learn how CPU architecture deeply ties into OS design, and how Intel's and AMD's mistakes can lead to more pwnage. We'll cover the new Windows 11 kernel changes, including Kernel Data Protection (KDP), eXtended Control Flow Guard (XFG), and Kernel Control-flow Enforcement Technology (KCET), and explain how the Trusted Platform Module (TPM) is used for Measured Boot. We'll go inside the Octagon and learn about System Guard Runtime Assertions and the rewritten Secure Launch framework that leverages Intel TXT and AMD SKINIT for new DRTM-based attestation.
click here for more details
When it comes to encrypted devices, one person may want to gather embedded evidence, while another wants to check whether a hardware backdoor is present, or whether the component and/or its embedded firmware (boot ROM / user code) contain inherent weaknesses that an attacker could exploit. The primary goal of this training is to give digital forensics and security professionals, as well as government services, the skills, mindset and background information necessary to successfully:
- Recover the internal architecture of ICs
- Evaluate the efficiency of existing countermeasures
- Extract NVM contents (ROM and Flash), in order to analyze and evaluate the security of the embedded firmware and to extract secret information
Students will be shown how this information can be used to define easier methods to find and exploit firmware and hardware weaknesses, both for vulnerability analysis and for embedded evidence extraction. Concretely, students who complete this course will:
- Find out how to perform low-level hardware reverse engineering
- Develop analysis strategies for the target devices and apply these strategies to recover their embedded data
click here for more details
This class, for experienced reverse engineers, leverages the latest in modern program analysis theory to
simplify and automate many everyday reverse engineering tasks. We'll cover how to model high-level
language patterns and identify them in binaries regardless of target architecture, automate
source-to-sink analysis, build a collection of scripts to run on any binary you open to extract key
program attributes, and so much more. We'll discuss how to use automation in long-term reverse
engineering projects on large code bases and leverage user annotations to make incremental progress
towards your goals, as well as batch processing to make quick, automated decisions and reports on
binaries as they come in the door.
New for 2025, we'll also be covering the use of various machine learning tools in reverse engineering,
where we've found they tend to work well, where they tend to fall short, and how building ML/AI into
your own workflows can massively accelerate your analysis.
click here for more details
This course introduces you to the low-level internals of the iOS and macOS kernels from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis and detection, or kernel exploit development. While this course concentrates on macOS Sequoia on the ARM64 CPU architecture, the latest security enhancements of iOS 18 and some differences to the x86_64 architecture will also be discussed. The course material has been updated since the previous runs of the training.
click here for more details
Baseband exploitation is often considered the cream of the crop of the offensive security field. In the last decade, only a handful of such exploits were publicly released. As a result, many researchers view the ability to silently achieve code execution on a victim's device by emulating a GSM or LTE base station as a difficult objective.
In reality, baseband exploitation is not as challenging as it seems. By following a simple list of steps, a baseband platform can be quickly opened up for research, debugging and exploitation. In this course, students will learn our systematic approach to baseband research: from setting up a fake base station using SDR and open-source BTS software, to achieving initial debugging abilities using our embedded hooking framework, and finally reverse engineering the relevant protocols, hunting for bugs and exploiting them.
click here for more details
This course focuses on automating reverse engineering (RE) processes for malware and firmware analysis using Neural Networks (NN), Natural Language Processing (NLP), and Large Language Models (LLMs). Participants will explore Blackfyre, an open-source system integrating a Ghidra plugin and Python library for binary analysis, as well as BinaryRank, a linear-complexity algorithm for enhancing NLP-based binary data representations. The curriculum covers NN and NLP applications for threat classification, anomaly detection, function name prediction, and similarity detection, alongside advanced topics like LLMs for summarization, signature generation, and report creation. Designed for those with a solid foundation in RE, Python object-oriented programming, and ML concepts (e.g., supervised learning, feature extraction, precision, and recall), this course equips participants with the skills to apply advanced NN/NLP/LLM techniques to automate RE tasks.
click here for more details
The Rust Development for Cyber Security training is a 4-day intensive program designed to equip
participants with the skills to use Rust for building robust defensive and offensive security tools.
Starting with Rust fundamentals, including memory safety, concurrency, and modular design, the course
progresses into practical applications such as OSINT tools, in-memory forensics, port scanning, and
Remote Access Tool (RAT) development.
The training culminates in a hands-on project to build an antivirus and Endpoint Detection and Response
(EDR) tool, integrating network traffic monitoring and advanced forensics. Combining theory with
practical exercises, this course prepares participants to apply Rust effectively in real-world
cybersecurity scenarios.
click here for more details
This 4-day training combines two comprehensive modules, focusing on reverse engineering Rust binaries (Days 1-2) and Golang binaries (Days 3-4). Participants will gain hands-on experience with tools, techniques, and advanced malware analysis, concluding with a capstone project to reinforce their skills. Designed for malware analysts, reverse engineers, and security professionals, this course provides the knowledge needed to tackle real-world reverse engineering challenges in modern programming languages.
click here for more details
A 4-day Linux kernel exploitation frenzy!
This training guides researchers through the field of Linux kernel exploitation. In a series of
practical labs, the training explores the process of exploiting kernel bugs in a modern Linux
distribution on the x86-64 architecture.
The training is structured as a series of lectures, each followed by one or more hands-on labs. The goal
of each lab is to write a Linux kernel exploit following the techniques described during the lecture.
The training starts with beginner topics but proceeds into advanced areas as well. The beginner chapters
include learning how to escalate privileges and bypass foundational mitigations in x86-64 kernels. The
advanced chapters are primarily dedicated to the modern slab (heap) exploitation techniques and include
an in-depth analysis of the kernel allocators' internals.
The core requirement for this training is the ability to read and write C code. Basic knowledge of the
x86-64 architecture and assembly, GDB, and the common binary exploitation techniques would also come in
handy. There is no need to know any Linux kernel internals: all required parts are covered during the
training.
click here for more details
Hypervisors are complex software that play a critical role in modern infrastructure, but like any
software, they're not immune to flaws which can be exploited by sophisticated attackers. This training
dives into the technical depths of virtualization technologies and explores the flaws leading to virtual
machine (VM) escapes. During this training, you will be able to sharpen your skills on multiple
platforms from the initial analysis of a target to exploiting real world vulnerabilities.
The course explores the attack surfaces hypervisors expose to their guests, both statically and
dynamically. By breaking down how virtual machines communicate with hypervisors and their internal
components, participants will learn to apply their existing vulnerability research and exploitation
skills to any virtualization software. The training also provides detailed insights for each studied
target, including their architectures, typical vulnerabilities, and guidance for effective bug hunting.
This course is ideal for security researchers and vulnerability analysts who are already familiar with
low-level systems programming and common exploitation techniques but are new to hypervisor internals. By
the end of the training, participants will have a solid foundation in virtualization attack surfaces and
vulnerability research as well as the ability to craft proof-of-concept exploits targeting hypervisors.
click here for more details
This fast-paced 4-day course will introduce students to reverse engineering Linux malware, starting off
with a dense recap of x86-64 reverse engineering and Linux internals, leading through common and
advanced Linux malware, Linux evasion tricks and packers, and closing with a primer on analysis
automation by scripting a reverse engineering framework.
Students will walk away with a deep understanding of Linux binary analysis techniques and knowledge of
the Linux threat landscape, and will be able to dissect advanced Linux malware in their day-to-day work.
click here for more details
Every day, a new CVE (Common Vulnerabilities and Exposures) entry is published or a new blog post comes out
detailing the latest and greatest vulnerability. Often, we know about a vulnerability but feel like we
don't have the skills or time to understand its root cause. What if you could change that? What if you
could learn a skill that would lead you step by step towards understanding modern vulnerabilities? If
you feel like you are always "in the dark" about the latest CVE and want to take a step towards the
light (understanding), this course is for you.
Binary patch diffing is an essential skill for reverse engineering, vulnerability research, and malware
analysis. The process helps a researcher identify the security-relevant code changes of a patched binary
and helps highlight the underlying security issues. The process is not magic, and with a little
guidance, a new researcher can learn to identify and understand modern vulnerabilities.
This fast-paced training will teach you how to reverse engineer the latest CVEs. We will start with a
simple CVE description, progress towards identifying a vulnerability, and eventually gain a complete
understanding of the underlying vulnerability and identify its root cause. You will analyze real-world
CVEs, dive into the patch diffing process, and learn a step-by-step approach to modern patch diffing
using open-source tools. The short topical lessons and hands-on exercises will have you patch diffing
recent CVEs and their corresponding binaries on the Windows platform. You will learn about best
practices, how to avoid patch diffing pitfalls, and get useful scripts to enhance your analysis
workflow. After you discover the vulnerability via patch diffing, you will then learn how to use both
static and dynamic techniques to approach exploit development and trigger the vulnerability.
Take the first step into the light. Sign up for this course. Learn the skill of patch diffing to go from
knowing about a vulnerability to actually understanding it.
click here for more details
Fault Injection is often the weapon of choice for breaking into devices when exploitable software
vulnerabilities are unknown or absent. While Fault Injection attacks are nowadays common, the typical
concepts, methodologies, techniques, and attacks are often not sufficiently understood. Simply glitching
a target can yield results, but this approach alone does not enable the creation of innovative attacks.
In this training, students will experience and appreciate The Art of Fault Injection (TAoFI) to exploit
the full potential of Fault Injection attacks.
This training assumes, though it is not strictly mandatory, that students possess prior experience with
Fault Injection attacks, either obtained at work, at home, or at a previously attended training (e.g.,
from Colin, Joe, or Thomas). Students are encouraged to work together in teams of two, sharing their
experiences, to tackle the challenges together more efficiently. Even though not recommended, students
may work individually as well.
Students will be using advanced techniques to characterize the effects of voltage glitches on the
Espressif ESP32 System-on-Chip (SoC). The faults resulting from these voltage glitches are carefully
analyzed and described to build a thorough understanding of the target's susceptibility to voltage
glitches. This enables the students to create powerful Fault Injection exploits. During this training,
rather than focusing on a specific set of tools, the students will focus more on the concepts,
methodologies, techniques, and attacks relevant to Fault Injection attacks.
Students will experience, with guidance from experts, performing real-world Fault Injection attacks,
that were either disclosed by Raelize or other security researchers. Students will be using the NewAE
ChipWhisperer-Husky, typical hardware lab tooling like an oscilloscope and a hardware debugger. Students
are provided with a virtual machine (VM) with all the required tooling installed, as well as access to
the required hardware.
Upon completing the training, students will be proficient in executing sophisticated Fault Injection
attacks on real-world targets using commercially available tooling. The knowledge gained from
understanding the underlying concepts, methodologies, techniques, and attacks can be used by the
students to perform novel Fault Injection attacks on other targets of interest.
click here for more details
This class is designed to introduce students to the most effective tools and techniques for applying
cutting-edge deep learning-based artificial intelligence to cybersecurity tasks. By leveraging AI-driven
automation, students will explore new ways to enhance security workflows and optimize vulnerability
research.
We will take a deep dive into modern AI architectures, focusing on how deep learning models can assist
in areas such as malware analysis, reverse engineering, vulnerability research, and penetration testing.
Students will learn to train, fine-tune, and apply large language models (LLMs) to solve real-world
cybersecurity challenges, integrating AI-driven solutions into their daily operations. The course will
provide hands-on experience with model training, embeddings, vector search, and advanced security
automation techniques.
Through practical exercises, students will gain proficiency in using AI to automate security tasks. By
the end of the course, attendees will have the skills and knowledge to incorporate deep learning-based
AI solutions into their cybersecurity workflows, enhancing both efficiency and effectiveness.
click here for more details
You can check out https://summoning.team/ for a better presentation of this training.
In this 4-day training course, we will be exploiting 15+ remote code execution chains (a total of 25
individual bugs). These vulnerabilities are all unique in their style and target real-world software. In
the class, we'll walk you through bypassing mitigations, discovering and chaining complex
vulnerabilities, the tricks and techniques specific to each target, and many more exciting subjects. This is
going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for
finding and exploiting bugs in .NET environments.
click here for more details
This course introduces students to modular implant design. While it focuses on the Windows operating system, many of the topics are applicable to other systems with slight modifications. This course takes an opinionated approach to implant development that asserts payloads should be as complex as they need to be and no more. In particular, it should be easy to extend implant functionality, selectively compile in features, and adjust to the quirks of the environment the implant is deployed in. Lectures cover strategies for designing flexible implants, and labs center around developing a command and control server, with an implant derived from sHELL (Hell shell).
sHELL (Hell shell): a hellish way to develop a shell. sHELL is a teaching shell that demonstrates one strategy for building modular implants: custom dynamic linking. In particular, each command that the shell supports is implemented in a separate binary file referred to as a module. At runtime, the main program can load a module and extend its functionality. To start with, sHELL supports loading DLL modules from disk. As the course progresses, students will add functionality, implement loaders for other types of modules, and improve opsec.
click here for more details