Introduction

After over 6 months of development, we are proud to announce the release of the Binary Ninja Edition of the Introduction to Malware Binary Triage (IMBT) course!

IMBT Binary Ninja Edition provides a comprehensive overview of the malware binary triage process. Malware triage refers to the process of analyzing and categorizing malicious software (malware) to quickly identify its capabilities, and potential impact. This is a crucial step in the field of cybersecurity, where security professionals need to rapidly assess and respond to emerging threats in order to mitigate their potential damage.

Overview

This course uses Binary Ninja for reverse engineering native Windows binaries. We chose to port the original (IDA) edition of this course to Binary Ninja in order to leverage its powerful disassembler, decompiler and Python API interface that we’ve used extensively in recent streams, workshops and blogs. It is well supported, frequently updated and is commonly used for malware analysis within the information security industry. Binary Ninja is also competitively priced, and provides support for a large amount of CPU architectures out of the box.

Like the IDA edition of the course, you will learn to reverse engineer real-world malware samples, including a nation state SMB worm, prolific loaders used by cybercriminals and a ransomware variant that has been used to attack critical infrastructure. A comprehensive overview all modules included in the course (which extend well-beyond static analysis with Binary Ninja) can be found on our training website.

Personal License

In addition to the course materials, you will receive a complimentary personal (named, non-commercial) Binary Ninja license with your purchase of the IMBT Binary Ninja edition course. This will give you access to updates for one year and enable you to leverage advanced capabilities of Binary Ninja, such as its multiple architectures and Python API.

Special Thanks

We’d like to thank ReRoot, SHELLsnapper, moval0x1 for their assistance and feedback during the early access period of this course. We’d also like to thank Vector 35 for allowing us to offer licenses with the course purchases, and assisting us with this process.

All the best,

The Invoke RE Team