BlackHoodie Virtual - Introduction to Reverse Engineering x86-64

Dedicated to Ruth Bader Ginsburg
“Women belong in all places where decisions are being made” - RBG, 2009

Ruth Bader Ginsburg was an associate justice on the United States Supreme Court, and even before that, a long-time fighter for gender equality. She influenced the legal system in the United States to enforce equal treatment of sexes in front of the law. She fought for equal pay, equal benefits, equal responsibilities, and equal opportunities. Ginsberg used to stress how gender equality benefits all of society, and she fought cases for both, men and women, in order to build a healthier future for all of us. Here is a short but precise read on laws that RBG has helped pass to achieve equality: We believe that education is an important building block in ensuring equal opportunities.

However, BlackHoodie has no intention to engage in any political matter and expresses no opinion on any aspect of Justice Ginsburg’s work except for her fight in gender equality.

Who: Anybody who is interested
When: October 26 & 29, November 2 & 5, 8-10am Pacific Time (PST)
How: Register here

2020 has brought us many peculiar changes, one of which is: BlackHoodie will finally go virtual. We’ve been refusing to enable online participation for years, for the simple reason: For classical BlackHoodie trainings the personal connection is key. We don’t only train people, we also want to build community, and foster friendships and mentorships.

However, 2020 happened, and we adapt. BlackHoodie Virtual will be open to anybody who would like to attend.

OK, now what’s the plan?

BlackHoodie Virtual will be one virtual class on x86-64 Reverse Engineering, introductory level, split up into 4 two-hour chunks. The trainings will happen October 26 & 29, and November 2 & 5, from 8-10am Pacific Time. Classes will be very hands-on, I do have slides, but only for warm up, and most of the time we’ll be spending inside tools.

The training will be introductory, but very fast paced. Without prior experience on the subject the students are advised to diligently do their homework :) The RE learning curve is steep and 8h isn’t much. The prerequisites are having a computer with internet connection, ideally Windows on x86-64 hardware, otherwise a Windows virtual machine will do. You’ll need to be able to install and run IDAPro Community edition, Ghidra, HxD, CFF Explorer and a text editor of choice.

Having coded in C before and some basic understanding of CPU architecture are very beneficial. Focus of the training will be Windows 64bit binaries, written in C.

Tools to install: - get IDAPro Freeware (only disassembles x86-64, no debugger) - download and install Ghidra, pay attention to the JDK instructions - get HxD 2.4 - get the CFF Explorer standalone

Workshop materials will be available on the BlackHoodie github shortly before class. Please register through the RSVP link in TL;DR so you can receive my instruction e-mails. PS.: This is the first time I’m doing an online training. If things don’t bake out exactly as planned, please be patient with me :) :)

The topics I plan to cover:

  • x86-64 Assembly
  • Binary control flow
  • Functions, function stack and calling conventions
  • Binary formats
  • OS API
  • Disassemblers & Debuggers
  • Exercises
  • Exercises
  • Exercises