E-Spin Ida Pro Training


IDA Pro Training Program

Training Objective

The training program is intended to help companies that adopt the IDA Pro
product use IDA Pro and apply it technically in the working environment.
The focus is on knowledge (know-how), skill (how-to) and capability
development (competency) to carry out the position's responsibilities,
duties and tasks. As such, the training places heavy emphasis on a hands-on,
learn-by-doing approach to help trainees acquire the know-how and how-to
related to the subject matter, in particular for the lengthier training
courses.

The training program may or may not follow the sequential steps or
modules/blocks stated in the training program; however, by the end, all the
training program objectives and topics will be covered. The result will be
trainees capable of systematic and professional use of the Product for what
they intend, or the program can serve as a good complement and jump start
into the product where extensive self-reading of the guide and documentation
is not viable or does not suit the trainee's learning style.

Depending on the trainee's requirements, the full training program for IDA
Pro takes one (1) day for basic, three (3) days for standard, and five (5)
days for advanced, plus additional days for extended training (for example,
a custom scope of additional topics to bridge your enterprise, department or
unit training requirement, or a mix with other Products, etc.). It can also
be shortened, for example to one day, by picking selective topics and running
it on a custom program basis, or by removing hands-on assignments. Please
consult our solution consultant on this matter.

E-SPIN certified trainers can help from high-level organization
transformation (OT), organization development (OD) and managing change, to
the respective training need analysis (TNA) focus, working backward to
systematic joint development of the training program, typically together
with the Enterprise Customer's HR development officer, for tailor-made
content development. Feel free to engage E-SPIN for a custom scope of the
training program, but note that a minimum number of committed trainees is
required to offset the custom training content development cost for both ends.

© E-SPIN INTERNATIONAL GROUP OF COMPANIES


Basic IDA training (1 day)

All you need to know about IDA Pro to start reversing like a malware analyst, without spending
multiple days that would be too intensive for a beginner to the subject matter.
We will mainly cover IDA Pro for Windows and occasionally Linux, and introduce additional tools
as well, like decompiler plugins, scripts and packers. The course is very practical, focused on
examples that can be done straight away. There are no prerequisites for this class other than a
Windows virtual machine and the will to learn.

Neither professional programming experience nor assembly language knowledge is required to
benefit from the course, although basic knowledge of both would be very helpful. The concepts
will be explained clearly and concisely and additional resources are always available. Most of the
content we make is available inside the E-SPIN elearning program; you need to log in and follow
the instructor guide. After the event, you can download it as a PDF for future reference.

● How to disassemble programs into assembly code
● How to decompile programs to C code
● Static Analysis
● Dynamic Analysis using IDA's Debugger
● Patch files using IDA
● Understand Linux and Windows APIs
● Identify entry points and functions
● Using NOPs and Reversing Jumps
● Reverse Crackmes and Patch them
● Learn to Assemble Instructions and Patch Bytes
● Algorithm Analysis and Testing
● Using Python to create solutions and keygens to crackmes
● and more

To get the most out of this course, we recommend doing all the exercises.

Who this course is for: Security testers, malware analysts, forensics investigators, system
administrators, information security students, and anyone interested in information security in
general and reverse engineering in particular.

© E-SPIN International. All Rights Reserved.

Standard IDA training (3 days)

IDA - the binary software analysis tool

Who should attend: Security Engineers, Security Software Developers,
Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: good x86 assembly knowledge, basics of the MS Windows API,
basic programming skills in any procedural programming language (C/C++ is
preferred)

This training will demonstrate the use of IDA to analyze binary programs on
modern operating systems. While the training will be mainly focused on
Microsoft Windows programs, the skills taught are universal and usable on
other IDA-supported platforms.

The following topics will be covered:


● Feature oriented introduction to the IDA architecture: the training will
focus on making the most of the core IDA disassembly features, its
debugger and IDC to dissect modern real world malware such as
MyDoom, Zotob and Warezov.
● Binary program analysis in IDA: where to begin, how to proceed toward
the goal
● The binary level representation of modern programs and how malware
abuses the conventions through code obfuscation, code hiding, etc.
Special techniques to handle obfuscated code.
● Problems encountered during analysis and how to handle them.
● Automating IDA: batch processing, scripts, plugins


Standard Course Outline:


● IDA overview
○ Common executable file features
○ Debugger
○ IDC
● IDA features
○ Memory organization
○ FLIRT
○ Type system
○ IDS files
● Working with IDA
○ Creating the database: various information sources
○ Various views of the database
○ Navigation
○ Modifying the listing
○ Patching the program
○ With all this information, how do I start my analysis?
● Working with high level data
○ Arrays
○ Structures
○ Enumerations and bitfields
● Advanced operations
○ Offsets
○ Bulk operations
○ Special structure types
○ Function prototypes
○ Processor specific issues
● Code obfuscation
○ Overview of obfuscation techniques
○ Countermeasures
○ Exercises with several real-world sample files

The training material has been updated to cover the latest additions to IDA.

Programming for IDA (2 days)

IDA - extending and building upon it

Who should attend: Security Engineers, Security Software Developers,
Researchers, Forensic Specialists, Virus Analysts, Software Validators

Prerequisites: IDA user skills, programming skills in C/C++ languages


This training is intended for experienced IDA users who want to take
advantage of its open architecture by extending and improving it. You will
learn how to write modules to modify the listing, react to events,
decrypt/uncompress data right in the database, and many other things. After
the course you will have a solid understanding of its concepts, classes, and
programming interface.

We will implement several useful plugins. Be prepared to program a lot in this
training!

C/C++ programming skills as well as solid reverse engineering experience
are required.


● IDA architecture overview
○ Modules
○ Memory representation
○ Database organization
● SDK
○ Setting up
○ Processor module framework
○ Loader framework
○ Plugin framework
○ How to debug custom modules
● IDA subsystems
○ Utils: i/o, custom stl, regex, misc
○ Database: netnodes and flags
○ Foundations: bytes, names, offsets, etc
○ Address range class: segments and functions
○ Accessing and using IDC
○ Cross-references
○ Functions
○ Events
○ Type information
○ Structures and enums
○ Debugger
○ User interface
○ Graphing
○ Decompiler framework
● Plugin programming
○ General guidelines
○ Plugin samples/exercises
■ Colorizer
■ Object extractor
■ Debugger helper
■ Type information
■ Graph plugin
■ Processor extension
■ Reaction to events

IDA Pro Advanced (5 Day)

Full Name of the course: E-SPIN's Hostile Code Analysis, Vulnerability Research and
Software Reverse Engineering Advanced Training with IDA Pro Advanced (5 Day)

PART I: Introduction to IDA


● Introduction to Disassembly
● Reversing and Disassembly Tools
● IDA Pro Background

PART II: Basic IDA Usage


● Getting Started with IDA
● IDA Data Displays
● Disassembly Navigation
● Disassembly Manipulation
● Datatypes and Data Structures
● Cross-References and Graphing
● The Many Faces of IDA

PART III: Advanced IDA Usage


● Customizing IDA
● Library Recognition Using FLIRT Signatures
● Extending IDA's Knowledge
● Patching Binaries and Other IDA Limitations

PART IV: Extending IDA's Capabilities


● IDA Scripting
● The IDA Software Development Kit
● The IDA Plug-in Architecture
● Binary Files and IDA Loader Modules
● IDA Processor Modules

PART V: Real-World Applications


● Compiler Personalities
● Obfuscated Code Analysis
● Vulnerability Analysis
● Real-World IDA Plug-ins

PART VI: The IDA Debugger


● The IDA Debugger
● Disassembler/Debugger Integration
● Additional Debugger Features
