Advanced Malware Binary Triage Official Launch

Introduction

Since the release of IMBT Binary Ninja Edition, we have been working on an advanced malware binary triage course featuring Binary Ninja and open-source tools for static, dynamic and automated analysis of Microsoft Windows binaries. We are proud to announce the release of our new flagship course, Advanced Malware Binary Triage (AMBT)!

The AMBT course provides a comprehensive overview of advanced techniques implemented by malware authors to thwart detection by security technologies and prevent analysis by reverse engineers. Throughout this course you will learn how to reverse engineer real-world malware variants that implement these techniques and how to implement automation methodologies to address them. These variants include advanced red team tools, kernel-mode drivers, and prolific crimeware (including loaders and ransomware) used in high-profile attacks and takedowns.

Overview

This course is the next logical progression from the IMBT course, which provides a comprehensive introduction to the malware binary triage process. The AMBT course contains eleven modules, seventeen labs, and two exams that deliver both a theoretical and practical overview of advanced techniques. Students will examine PE64 binaries, Intel x86-64 assembly, Binary Ninja’s intermediate languages, and automation via the Binary Ninja Python interface. The curriculum also covers advanced binary analysis, automated symbol and type recovery, malicious driver static and dynamic analysis, shellcode and position-independent code, time-travel debugging, and bypassing sophisticated anti-analysis and obfuscation techniques, concluding with advanced comparative analysis, automated YARA rule generation and malware processing pipeline development. You can check out the course page for further information.

Personal License

In addition to the course materials, you will receive a complimentary personal (named, non-commercial) Binary Ninja license with your purchase of the AMBT Binary Ninja edition course. This will give you access to updates for one year and enable you to leverage advanced capabilities of Binary Ninja, such as its multiple architectures and Python API.

Special Thanks

We’d like to thank ReRoot, Birk, hashp4, Andrew H and UserWithUsername for their help during the early access period of this course.

All the best,

The Invoke RE Team