REcon 2026 Training


REcon 2026 will feature 19 world-class training courses from June 15-18, 2026, in Montreal. Our training lineup covers advanced topics in reverse engineering, malware analysis, exploitation, AI-powered security research, embedded systems, and more.


Training Dates: June 15-18, 2026 (4 days)
Location: Montreal, QC
Standard Pricing: $5,500 CAD (before May 1) / $6,000 CAD (after May 1)
Windows Internals Pricing: $6,000 CAD (before May 1) / $6,500 CAD (after May 1)


Click on any training title below for full details, instructor bios, prerequisites, and registration.



LIST OF TRAINING SESSIONS FOR RECON 2026:


- Advanced .NET Exploitation by Sina Kheirkhah (@SinSinology)(4 days)

- Advanced IC Reverse Engineering & Data Extraction by Olivier Thomas(4 days)

- Advanced Malware Reverse Engineering by Marion Marschalek(4 days)

- AI Agents for Cybersecurity by Richard Johnson(4 days)

- Attacking Real-World IoT and Embedded Devices by Julien Cohen-Scali & Lucas Van Haaren(4 days)

- Automated Reverse Engineering by Kyle Martin(4 days)

- Automating Reverse Engineering with AI/ML, Graphs, and LLM Agents by Malachi Jones & Joe Mansour(4 days)

- Bug Hunting in Hypervisors by Corentin Bayet & Bruno Pujos(4 days)

- Building Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI by John McIntosh(4 days)

- Embedded & Shredded - Advanced Embedded System Hacking by Caleb Davis(4 days)

- Exploiting the Linux Kernel by Andrey Konovalov(4 days)

- Modular Implant Design for Windows by Kai (Kbsec)(4 days)

- Modern Malware OPSEC & Anti-Reverse Techniques by Silvio La Porta & Antonio Villani(4 days)

- Reversing Modern Binaries: Practical Rust & Go Analysis by Kylian Boulard de Pouqueville & Mathieu Hoste(4 days)

- Rust Development for Cyber Security by Tanguy Duhamel & Tristan Ferreira(4 days)

- Software Deobfuscation Techniques by Tim Blazytko(4 days)

- The Art of Fault Injection: Advanced Techniques & Attacks by Cristofaro Mune & Niek Timmers(4 days)

- The FLARE Team's Guide to Reverse Engineering Modern Malware by Josh Stroschein(4 days)

- Windows Internals for Reverse Engineers by Yarden Shafir(4 days)



Advanced .NET Exploitation

In this 4 day training course, we will be exploiting 15+ remote code execution chains (total of 25 single bugs), these vulnerabilities will all be unique in their style and target real world softwares in the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects. This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.


 

click here for more details



Advanced IC Reverse Engineering & Data Extraction

When it comes to encrypted devices, one may want to gather embedded evidences while another would like to be able to check if a hardware backdoor is present or if the component and / or its embedded firmware (boot ROM / user code) contain intrinsic breaches, that could be exploited by a pirate. The primary goal of this training is to provide Digital Forensics & Security Professionals as well as Government Services the skills, mindset and background information necessary to successfully recover ICs internal architectures, evaluate the efficiency of existing countermeasures, and extract NVMs contents (ROM & Flash), in order to analyze and evaluate the security of the embedded firmware, and extract secret informations.


 

click here for more details



Advanced Malware Reverse Engineering

This course aims to teach reverse engineers the world of malware, with a primary focus on Windows, while also shining a light on other platforms. Students will learn how to take apart about any malicious binary that comes their way, through combining state-of-the-art malware analysis tooling with advanced reverse engineering skills. This includes understanding and circumventing advanced self-protection mechanisms that modern day malware tends to employ.


 

click here for more details



AI Agents for Cybersecurity

This class is designed to introduce students to the most effective tools and techniques for applying cutting-edge deep learning-based artificial intelligence to cybersecurity tasks. By leveraging AI-driven automation, students will explore new ways to enhance security workflows, improve threat detection, and optimize vulnerability research. We will take a deep dive into modern AI architectures, focusing on how deep learning models can assist in areas such as malware analysis, reverse engineering, vulnerability research, and penetration testing.


 

click here for more details



Attacking Real-World IoT and Embedded Devices

In this training, participants will learn to reverse, emulate, and fuzz real-world IoT and embedded devices commonly found in modern homes and small businesses. We focus on attacking widely-deployed targets, many of which were previously featured at Pwn2Own, using software-driven techniques, public firmware images, and real-world exploitation workflows. Unlike traditional hardware-centric IoT trainings, our approach emphasizes firmware analysis, network interaction, emulation, and vulnerability discovery via binary exploitation, fuzzing and reversing.


 

click here for more details



Automated Reverse Engineering

This training provides hands-on experience with Binary Ninja's powerful automation capabilities, teaching participants how to streamline their reverse engineering workflows and build custom analysis tools. Students will learn to leverage Binary Ninja's Python API to automate repetitive tasks, create custom analyses, and integrate with other security tools.


 

click here for more details



Automating Reverse Engineering with AI/ML, Graphs, and LLM Agents

This course teaches automating reverse engineering (RE) for malware, firmware, and vulnerability analysis by shifting from isolated single-binary analysis to system-level reasoning. Students unify partial program facts recovered from disassembly into a graph that grounds LLMs and agents. Hands-on labs build a lightweight, BinQL-style analysis system with Neo4j and NL2GQL, which translates natural-language RE questions into graph queries, then apply embeddings, RAG, agent workflows (MCP/AutoGen), and fine-tuned LLaMA models for scalable RE automation.


 

click here for more details



Bug Hunting in Hypervisors

Hypervisors are complex software that play a critical role in modern infrastructure, but like any software, they're not immune to flaws which can be exploited by sophisticated attackers. This training dives into the technical depths of virtualization technologies and explores the flaws leading to virtual machine (VM) escapes. During this training, you will be able to sharpen your skills on multiple platforms from the initial analysis of a target to exploiting real world vulnerabilities.


 

click here for more details



Building Agentic RE: Automating Reverse Engineering & Vulnerability Research with AI

Reverse engineering is entering the Agentic Era. In this four‑day, hands‑on course, you'll learn to build private AI stacks, develop custom MCP servers, and orchestrate workflows where LLMs act as autonomous collaborators in reverse engineering and vulnerability research. By the end, you'll have the skills to design integrated agentic workflows that help analyze binaries, surface vulnerabilities, validate, and triage results in a reproducible, extensible system.


 

click here for more details



Embedded & Shredded - Advanced Embedded System Hacking

This training provides an in-depth, hands-on approach to reverse engineering embedded systems, covering firmware analysis, hardware debugging, and PCB reverse engineering. Participants will extract, analyze, and modify firmware using advanced techniques in Ghidra while learning to decode proprietary communication protocols with logic analyzers. The course also explores hardware-focused attacks, including live data exfiltration via debugging interfaces such as SPI, JTAG, and SWD, as well as chip depopulation and deadbugging methods for accessing embedded storage.


 

click here for more details



Exploiting the Linux Kernel

This training guides researchers through the field of Linux kernel exploitation. In a series of practical labs, the training explores the process of exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture. The training is structured as a series of lectures, each followed by one or more hands-on labs. The goal of each lab is to write a Linux kernel exploit following the techniques described during the lecture.


 

click here for more details



Modular Implant Design for Windows

This course introduces students to modular implant design. While it focuses on the Windows operating system, many of the topics are applicable to other systems with slight modifications. This course takes an opinionated approach to implant development that asserts payloads should be as complex as they need to be and no more. In particular, it should be easy to extend implant functionality, selectively compile in features and adjust to the quirks of the environment they are deployed in.


 

click here for more details



Modern Malware OPSEC & Anti-Reverse Techniques

The course will present an in-depth description of the techniques implemented in modern malware to evade defenders and security products (such as AV, IPS, IDS, EDR), and how attackers design and operate their implants in order to ensure a prompt redeployment after a detection or a public disclosure by researchers or security vendors. The course will also cover real-world scenarios that impair (effectively slow-down or dissuade) reverse engineering efforts and make the job of first responders tougher.


 

click here for more details



Reversing Modern Binaries: Practical Rust & Go Analysis

This 4-day training combines two comprehensive modules, focusing on reverse engineering Rust binaries (Days 1-2) and Golang binaries (Days 3-4). Participants will gain hands-on experience with tools, techniques, and advanced malware analysis, concluding with a capstone project to reinforce their skills. Designed for malware analysts, reverse engineers, and security professionals, this course provides the knowledge needed to tackle real-world reverse engineering challenges in modern programming languages.


 

click here for more details



Rust Development for Cyber Security

Learn to build defensive security tools in Rust. Over four days, you'll respond to a simulated breach: analyzing network captures, digging through memory dumps, decrypting attacker communications, and building detection systems. The training culminates with you taking control of the malware itself and sending the kill command. You'll leave with 17 working tools you built yourself and the skills to create more.


 

click here for more details



Software Deobfuscation Techniques

Code obfuscation has become a vital tool to protect intellectual property against competitors. In general, it makes software harder to understand and analyze. While obfuscation techniques vary in their strength and efficiency, reverse engineers often spend a long time with their analysis and try to manually deobfuscate the code. However, with the recent rise of symbolic execution and binary instrumentation frameworks, software deobfuscation also became much easier. This course teaches how to apply state-of-the-art program analysis techniques to simplify and extract the semantics of obfuscated code.


 

click here for more details



The Art of Fault Injection: Advanced Techniques & Attacks

Fault Injection is often the weapon of choice for breaking into devices when exploitable software vulnerabilities are not known or absent. While Fault Injection attacks are nowadays common, typical concepts, methodologies, techniques, and attacks are often not sufficiently understood. While achieving success by simply glitching a target can yield results, it's important to note that this approach alone doesn't facilitate the creation of innovative attacks. In this training, students will experience and appreciate the Art of Fault Injection (TAoFI) to exploit the full potential of Fault Injection attacks.


 

click here for more details



The FLARE Team's Guide to Reverse Engineering Modern Malware

This four-day, hands-on training provides a comprehensive deep dive into the complex world of modern Windows malware. The course, a culmination of years of frontline reverse engineering and incident response from the FLARE team at Google, equips you with the practical skills to dissect and understand even the most sophisticated threats. You'll gain a mastery of low-level Windows internals, reverse engineering tools, and automation by working with challenging samples.


 

click here for more details



Windows Internals for Reverse Engineers

Covering Windows 11 (24H2 + 25H2), the upcoming Windows 11 26H2, and Server 2025, you'll unravel how bootkits, software supply chain implants, backdoors, and other kernel and firmware malware work. You'll learn how they, and others, abuse various system functionality, obscure mechanisms, and data structures, in order to do their dirty work, and how you can too defend against it! You'll observe and experiment with how kernel-mode code operates and how it can be subject to compromise by user-mode attackers wishing to elevate their privileges, as well as how to detect, both live and forensically, such attempts.


 

click here for more details





Registration


To register for training, visit our registration page.


For questions about training content, prerequisites, or logistics, please contact us at info recon cx.



Hex-Rays Magnet Forensics Trail of Bits