THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The modules do NOT include viruses or infected files! If your antivirus reports an infection, this is because of specific tricks inside the exercises!

	Version 1.001
	Description Size: 6 MB. This is the first real release packaged as distro. All available modules are included.

C++ Fundamentals

C++ is widely used in the software industry, and remains one of the most popular languages ever created. Some of its application domains include systems software, application software, device drivers, embedded software, high-performance server and client applications, and entertainment software such as video games. This module includes 32 exercises plus 4 exams.

1. Tools you need for this module: Visual Studio Express Edition for C++ or Eclipse IDE for C++
2. Recommended Reading: Algorithms in C++, Parts 1-4: Fundamentals, Data Structure, Sorting, Searching, 3rd Edition By Robert Sedgewick

Assembly Language Fundamentals

Assembly languages are a family of low-level languages for programming computers, microprocessors, microcontrollers, and other (usually) integrated circuits. They implement a symbolic representation of the numeric machine codes and other constants needed to program a particular CPU architecture. This representation is usually defined by the hardware manufacturer, and is based on abbreviations (called mnemonics) that help the programmer remember individual instructions, registers, etc. An assembly language is thus specific to a certain physical or virtual computer architecture (as opposed to most high-level languages, which are usually portable). This module includes 17 exercises plus 3 exams.

1. Tools you need for this module: MASM32, Visual Studio Express Edition for C++ with Irvines Setup
2. Recommended Reading: Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine

HLL Mapping

This time we will focus on HLL Mapping exercises. In this module we will learn how to identify specific data structures from HLL code and how they look in assembly language within the disassembler / debugger. We will use methods from Cognitive Debugging™ to improve our skills. This module includes 96 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: Intel® 64 and IA-32 Architectures Software Developer’s Manuals, Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine, Calling conventions for different C++ compilers and operating systems by Agner Fog, The IDA Pro Book by Chris Eagle
3. Contents: identify variables, identify constants, assign operator, arithmetic operators, modulo, compound assignment, increase and decrease, relational and equality operators, logical operators, conditional operator, comma operator, bitwise operators, explicit type casting operator, sizeof, precedence of operators, conditional structure if and else, the while loop, the do-while loop, the for loop, the break statement, the continue statement, the goto statement, the exit function, the selective structure switch, local variables, global variables, register variables, pass global variables explicitly, pass arguments via registers, pass rguments via registers, passing floating point arguments to a function, arguments passed by value, arguments passed by reference, default values in parameters, overloaded functions, inline functions, calling a function using a pointer, initializing arrays, accessing the values of an array, multidimensional arrays, arrays as parameters, character sequences, using null-terminated sequences of characters, reference operator, dereference operator, declaring variables of pointer types, pointers and arrays, pointer initialization, pointer arithmetics, pointers to pointers, void pointers, null pointer, pointers to functions, new operator, delete operator, data structures, array of structures, pointers to structures, nesting structures, typedef, typedef2, unions, anonymous unions, enumerations, classes 01, classes 02, constructor, destructor, overloading constructors, default constructor, pointers to classes, overloading operators, the keyword this, static members, friend functions, friend classes, inheritance between classes, inheritance, multiple inheritance, pointers to base class, virtual members, abstract base classes, abstract base classes, abstract base classes, function templates, function templates, class templates, template specialization, Non-type parameters for templates, exceptions, standard exceptions, bad alloc exception, type casting, dynamic cast, static cast, reinterpret cast, const cast, typeid

Manual Decompilation

It is not always necessary to use a tool for code understanding. In most cases you need your brain only. The manual decompilation exercises will train code reading and understanding. We will use methods from Cognitive Debugging™ to improve our skills. Your job is to analyze the given examples and to produce C++ code from this code! This module includes 9 exercises.

1. Tools you need for this module: Your brain
2. Recommended Reading: Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine, Intel® 64 and IA-32 Architectures Software Developer’s Manuals

File Understanding

Anayzing code is not enough. You need a very well understanding how binary applications are build and how they use operating system resources. In this The Binary Auditor™ module you will learn about internal working, PE file structure and more. This module includes 31 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: The PE file format by Luevelsmeyer, Portable Executable File Format – A Reverse Engineer View by Goppit

Algorithm Analysis

These exercises will train to understand algorithms within binaries. There is no obfuscation or encryption inside but pure mathematical little challenges. Goal ist to understand mathematical processes within a binary which is very common in many application areas. This module includes 9 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine

Crash Analysis

Not all applications are designed well. In some cases they crash without any notice and you need to analyze why this happens. During this The Binary Auditor™ module you will learn how to locate crash locations and increase your performance in finding these. This module includes 5 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine

Copy Protection Analysis

One of the tasks of a Binary Auditor™ is to do audits on copy protections. This job can be quite hard because you need to understand the target as well as the copy protection itself. Since copy protection audits are a 100% black box testing approach this The Binary Auditor™ module gives you a first insight on how to black box test your own designed copy protection. Focus is on the algorithm analysis. Beside this you learn how not to design your own copy protection. This module will (once completed) include 50 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: none
3. Contents: 01 – Patching a basic reverseme, 02 – Keyfiling a basic reverseme, 03 – Basic nag removal and header problems, 04 – File Format Exercise, 05 – Splish 1, 06 – Splish 2, 07 – Fixme, 08 – Google, 09 – Capture, 09.1 – CHALLENGE, 10 – Confuzed, 11 – Calc, 12 – Little Math, 13 – emesrever, 14 – FunnyKeyReg, 15 – Old Days, 16 – Easy Crackme Game, 17 – SecView, 18 – ImportExport, 19 – Harder Serial in VB, 20.1 – Exportme, 20.2 – Consolences, 21 – XORcise, 22 – Fsearch, 23 – Jumpy, 24 – mmfmaker, 25 – String, 26 – MakeMyDay, 27 – Anit, 28 – TheFlea, 29 – Kryptonite, 30 – EasyCrack, 31 – UnlockMe, 32 – Mad Bad Boy, 33 – Serial Killer, 34 – CronosHardCrackme, 35.1 – SmartCard, 35.2 – Flames, 36 – ProofMe, 37 – SETI, 38 – ChainFission, 39 – XorSehRE, 40 – PHP, 41 – flyAkite, 42 – DanceForMe, 43 – TheBug, 44 – Mission Impossible, 45 – ReversersStegoFriend, 46 – Limbada, 47 – LogonGenetic

Malware Analysis

Malware analysis is essential for any Binary Auditor™. We will start with few very simple malware including smaller .com / .exe viruses and move forward to very complex and protected ones including worms, bots and rootkits. This module includes 15 exercises.

1. Download: NO PUBLIC RELEASE!
2. Tools you need for this module: IDA Pro 4.9 (Free Edition)
3. Recommended Reading: Malicious Cryptography: Exposing Cryptovirology by Adam Young

Vulnerability Analysis

Security analysis is an important job for a Binary Auditor™. In this The Binary Auditor™ module we will deal with various types of vulnerability and learn what exploits and shellcodes are. This module includes 39 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes by Jak Koziol et al.

Unpacking

Unpacking of files is an essential task for a Binary Auditor™, especially if you want to deal with malware or copy protection analysis. In this module you will learn how basic unpacking is working and the theory behind. This module includes 10 exercises.

1. Tools you need for this module: IDA Pro 4.9 (Free Edition)
2. Recommended Reading: none

C++ Optimization

This is an optimization module for advanced C++ programmers. Topics include: The choice of platform and operating system. Choice of compiler and framework. Finding performance bottlenecks. The efficiency of different C++ constructs. Multi-core systems. Parallelization with vector operations. CPU dispatching. Efficient container class templates. This module includes 20 exercises.

1. Tools you need for this module: Visual Studio Express Edition for C++ or Eclipse IDE for C++
2. Recommended Reading: Algorithms in C++, Parts 1-4: Fundamentals, Data Structure, Sorting, Searching, 3rd Edition By Robert Sedgewick, Optimizing software in C++: An optimization guide for Windows, Linux and Mac platforms by Agner Fog

Assembly Language Optimization

This is an optimization module for advanced assembly language programmers and compiler makers. Topics include: C++ instrinsic functions, inline assembly and stand-alone assembly. Linking optimized assembly subroutines into high level language programs. Making subroutine libraries compatible with multiple compilers and operating systems. Optimizing for speed or size. Memory access. Loops. Vector programming (XMM, SIMD). CPU-specific optimization and CPU dispatching.

1. Tools you need for this module: MASM32, Visual Studio Express Edition for C++ with Irvines Setup
2. Recommended Reading: Assembly Language for Intel-Based Computers, 5th Edition by Kip Irvine, Optimizing subroutines in assembly language: An optimization guide for x86 platforms by Agner Fog

Enhancing IDA Pro with scripts and plugins

IDA Pro combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment. IDA Pro contains a complete development environment that consists of a very powerful macro-like language that can be used to automate simple to medium complexity tasks. For more advanced tasks, the open plugin architecture puts no limits on what external developers can do to enhance IDA Pro’s functionality. This module includes 10 exercises.

1. Tools you need for this module: IDA Pro 5.4 + SDK
2. Recommended Reading: IDA Plug-In Writing in C/C++ by Steve Micallef, The IDA Pro Book by Chris Eagle